CVE-2022-2011Use After Free in Google Chrome

CWE-416Use After FreeCWE-843Type ConfusionCWE-414Missing Lock CheckCWE-787Out-of-bounds WriteCWE-99Resource InjectionCWE-413Improper Resource LockingCWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-189CWE-310CWE-26430 documents10 sources
Severity
8.8HIGHNVD
CISA9.8CISA7.8CISA5.7
EPSS
0.9%
top 24.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Chromium+3 more
Timeline
PublishedJul 28
Latest updateJun 18

Description

Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5google/chromeunspecified102.0.5005.115
NVDgoogle/chrome< 102.0.5005.115
debiandebian/chromium< chromium 102.0.5005.115-1 (bookworm)
Debianchromium/chromium< 102.0.5005.115-1~deb11u1+3

Also affects: Fedora 37

🔴Vulnerability Details

2
GHSA
GHSA-67vw-x24w-99pv: Use after free in ANGLE in Google Chrome prior to 1022022-07-29
OSV
CVE-2022-2011: Use after free in ANGLE in Google Chrome prior to 1022022-07-28

📋Vendor Advisories

20
Red Hat
kernel: dm raid: fix address sanitizer warning in raid_status2025-06-18
Red Hat
kernel: bpf: Fix a btf decl_tag bug when tagging a function2025-02-26
Red Hat
kernel: tipc: fix use-after-free Read in tipc_named_reinit2025-02-26
Red Hat
kernel: bonding: fix missed rcu protection2025-02-26
Red Hat
kernel: netfilter: nf_tables: unregister flowtable hooks on netns exit2024-08-22

🕵️Threat Intelligence

2
Qualys
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical.2022-06-14
Qualys
June 2022 Patch Tuesday | Microsoft Releases 55 Vulnerabilities With 3 Critical; Adobe Releases 6 Advisories, 46 Vulnerabilities With 40 Critical. | Qualys2022-06-14