CVE-2022-2295Type Confusion in Google Chrome

CWE-843Type Confusion12 documents9 sources
Severity
8.8HIGHNVD
EPSS
1.1%
top 21.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Chromium+3 more
Timeline
PublishedJul 28
Latest updateNov 18

Description

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5google/chromeunspecified103.0.5060.114
NVDgoogle/chrome< 103.0.5060.114
debiandebian/chromium< chromium 103.0.5060.114-1 (bookworm)
Debianchromium/chromium< 103.0.5060.114-1~deb11u1+3

Also affects: Fedora 35, 36

🔴Vulnerability Details

3
GHSA
GHSA-gmjf-5wf6-pxg7: Type confusion in V8 in Google Chrome prior to 1032022-07-29
OSV
CVE-2022-2295: Type confusion in V8 in Google Chrome prior to 1032022-07-28
VulnCheck
Google Chrome Access of Resource Using Incompatible Type ('Type Confusion')2022

📋Vendor Advisories

2
Microsoft
Chromium: CVE-2022-2295 Type Confusion in V82022-07-12
Debian
CVE-2022-2295: chromium - Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote a...2022

🕵️Threat Intelligence

6
Securelist
IT threat evolution in Q3 2022. Non-mobile statistics2022-11-18
Securelist
PC malware statistics, Q3 20222022-11-18
Qualys
July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities with 4 Critical, plus 2 Microsoft Edge (Chromium-Based) | Qualys2022-07-12
Qualys
July 2022 Patch Tuesday | Microsoft Releases 84 Vulnerabilities With 4 Critical, Plus 2 Microsoft Edge (Chromium-Based); Adobe Releases 4 Advisories, 27 Vulnerabilities With 18 Critical.2022-07-12
Talos
Threat Source newsletter (July 7, 2022) — Teamwork makes the dream work2022-07-07
CVE-2022-2295 — Type Confusion in Google Chrome | cvebase