CVE-2022-3654
Published 2022-11-01
Priority: P2 61 · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H (network attack vector, low complexity, no privileges required, user interaction required, scope unchanged, high impact on confidentiality, integrity and availability)
EPSS: 23.80% (97.5th percentile)
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium (Debian 11 bullseye backport) | chromium | < 107.0.5304.68-1~deb11u1 | 107.0.5304.68-1~deb11u1 |
| chromium | chromium | < 107.0.5304.68-1 | 107.0.5304.68-1 |
| debian | chromium (bookworm) | < 107.0.5304.68-1 | 107.0.5304.68-1 |
| google | chrome | < 107.0.5304.62 | 107.0.5304.62 |
| msrc | microsoft_edge | not stated (see the MSRC entry below) | latest Microsoft Edge (Chromium-based) release |
Detection & IOCs (extracted from the sources quoted below)
- CVE-2022-3654 is a use-after-free (CWE-416) in the Layout component of Google Chrome's Blink engine; the Packet Storm reference in this page's link list names blink LocalFrameView::PerformLayout as the crash site. Exploitation requires the victim to render a crafted HTML page (UI:R in the CVSS vector) and results in heap corruption. The sources give no signature for it: the only host-side signal they describe is Chrome/Edge renderer processes crashing or showing anomalous heap behavior while rendering attacker-controlled HTML, which is a noisy indicator, so version inventory against the fixed builds is the practical control.
- The bug was reported by Sergei Glazunov of Google Project Zero (Chromium bug 1365330, https://crbug.com/1365330). Pivoting on that bug ID in threat-intelligence sources may surface proof-of-concept or exploit code; none is indexed on this page.
- Debian-based systems running Chromium should verify the package version: 107.0.5304.68-1 on bookworm, sid, trixie and forky, or the backport 107.0.5304.68-1~deb11u1 on bullseye. Compare versions with dpkg ordering rather than string comparison, since the "~deb11u1" suffix sorts below the plain revision.
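A version check that a practitioner would run against the fixed versions above, as an added example (not code from Google, Debian or Microsoft, and not part of any advisory quoted on this page). It compares upstream Chrome/Chromium build numbers numerically, which plain string comparison gets wrong (as strings, "99.0.4844.84" sorts after "107.0.5304.62"), and implements dpkg's version-ordering rules for the Debian package strings so that the bullseye backport 107.0.5304.68-1~deb11u1 sorts correctly against 107.0.5304.68-1. The `--version` banners in `SAMPLE_BANNERS` are constructed sample input. Microsoft Edge is not covered: Edge reports its own build number rather than the Chromium build it embeds, so for Edge follow the MSRC guidance below and check the About page against the current Edge release.

```python
"""Check installed Chrome/Chromium builds against the CVE-2022-3654 fixes.

Added example for this page, not vendor code. Upstream fix version is from the
Chrome release notes; Debian package versions are from the Debian tracker.
"""
import re

UPSTREAM_FIXED = "107.0.5304.62"
DEBIAN_FIXED = {
    "bullseye": "107.0.5304.68-1~deb11u1",
    "bookworm": "107.0.5304.68-1",
    "trixie": "107.0.5304.68-1",
    "forky": "107.0.5304.68-1",
    "sid": "107.0.5304.68-1",
}

# Constructed sample output of `chromium --version` / `google-chrome --version`.
SAMPLE_BANNERS = {
    "debian-host": "Chromium 107.0.5304.68 built on Debian bookworm/sid, running on Debian 11.5",
    "old-chrome": "Google Chrome 99.0.4844.84",
}


def version_from_banner(banner):
    """Pull the four-part build number out of a `--version` banner."""
    m = re.search(r"\b(\d+\.\d+\.\d+\.\d+)\b", banner)
    if not m:
        raise ValueError(f"no Chrome-style version in {banner!r}")
    return m.group(1)


def parse_upstream(version):
    """'107.0.5304.62' -> (107, 0, 5304, 62); numeric, so 99 < 107."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a Chrome version: {version!r}")
    return tuple(int(x) for x in m.groups())


def upstream_vulnerable(version):
    """True if an upstream Chrome/Chromium build predates the fix."""
    return parse_upstream(version) < parse_upstream(UPSTREAM_FIXED)


def assess(banner):
    """'vulnerable' or 'fixed' for a Chrome/Chromium --version banner."""
    return "vulnerable" if upstream_vulnerable(version_from_banner(banner)) else "fixed"


# --- dpkg version ordering, the rules behind `dpkg --compare-versions` ---

def _order(c):
    # '~' sorts before everything, including the end of the string.
    if c == "~":
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two upstream or revision fragments: alternate non-digit and digit runs."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():   # longer digit run wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def _split_debian(v):
    """'1:107.0.5304.68-1~deb11u1' -> (1, '107.0.5304.68', '1~deb11u1')."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition("-")
    if not upstream:            # no '-' at all: rpartition put everything in revision
        upstream, revision = revision, ""
    return epoch, upstream, revision


def debian_cmp(a, b):
    """Negative, zero or positive like dpkg --compare-versions a lt/eq/gt b."""
    ea, ua, ra = _split_debian(a)
    eb, ub, rb = _split_debian(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)


def debian_vulnerable(package_version, suite):
    """True if the installed chromium package is older than the suite's fixed version."""
    return debian_cmp(package_version, DEBIAN_FIXED[suite]) < 0


if __name__ == "__main__":
    for host, banner in SAMPLE_BANNERS.items():
        print(f"{host}: {version_from_banner(banner)} -> {assess(banner)}")
    for ver in ("106.0.5249.119-1~deb11u1", "107.0.5304.68-1~deb11u1"):
        state = "vulnerable" if debian_vulnerable(ver, "bullseye") else "fixed"
        print(f"bullseye chromium {ver}: {state}")
```

Feed `assess()` the output of `google-chrome --version` or `chromium --version` from an inventory run, and `debian_vulnerable()` the `dpkg-query -W -f='${Version}' chromium` value with the host's suite. Note that the bullseye package 107.0.5304.68-1~deb11u1 is fixed on bullseye but, under dpkg ordering, still older than the 107.0.5304.68-1 required on bookworm, so the suite must be passed explicitly.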
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| osv | 3.1 | 8.8 | HIGH | (not stated) |
| vendor_debian | 3.1 | 8.8 | HIGH | (not stated) |
| vendor_msrc | 3.1 | 8.8 | HIGH | (not stated) |
Chrome
Stable Channel Update for Desktop: CVE-2022-3653
vendor_chrome · 2022-10-25 · CVSS 8.8
CVE-2022-3653 [HIGH] Stable Channel Update for Desktop: CVE-2022-3653
Stable Channel Update for Desktop (excerpt; the adjacent entries from the same release post are included as quoted by the source)
CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19
[$TBD][1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19
[$3000][1279268] Medium CVE-2022-4910: Inappropriate implementation in Autofill
Severity: high
Microsoft
Chromium: CVE-2022-3654 Use after free in Layout
vendor_msrc · 2022-10-11 · CVSS 8.8
CVE-2022-3654 [HIGH] Chromium: CVE-2022-3654 Use after free in Layout
Chromium: CVE-2022-3654 Use after free in Layout
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
- In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window.
- Click on Help and Feedback.
- Click on About Microsoft Edge.
FAQ: What
Debian
CVE-2022-3654: chromium - Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remot...
vendor_debian · 2022 · CVSS 8.8
CVE-2022-3654 [HIGH] CVE-2022-3654: chromium - Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remot...
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 107.0.5304.68-1)
bullseye: resolved (fixed in 107.0.5304.68-1~deb11u1)
forky: resolved (fixed in 107.0.5304.68-1)
sid: resolved (fixed in 107.0.5304.68-1)
trixie: resolved (fixed in 107.0.5304.68-1)
GHSA
GHSA-99cg-5xjc-jpvj: Use after free in Layout in Google Chrome prior to 107
ghsa_unreviewed · 2022-11-02
CVE-2022-3654 [HIGH] CWE-416 GHSA-99cg-5xjc-jpvj: Use after free in Layout in Google Chrome prior to 107
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)
OSV
CVE-2022-3654: Use after free in Layout in Google Chrome prior to 107
osv · 2022-11-01 · CVSS 8.8
CVE-2022-3654 [HIGH] CVE-2022-3654: Use after free in Layout in Google Chrome prior to 107
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html
- https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
- https://crbug.com/1365330