CVE-2022-3654
published 2022-11-01


Priority: P2 61 high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS: 23.80% (97.5th percentile)
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Affected

9 ranges

Vendor   | Product        | Version range                                 | Fixed in
chromium | chromium       | >= 0 < 107.0.5304.68-1~deb11u1                | 107.0.5304.68-1~deb11u1
chromium | chromium       | >= 0 < 107.0.5304.68-1                        | 107.0.5304.68-1
chromium | chromium       | >= 0 < 107.0.5304.68-1                        | 107.0.5304.68-1
chromium | chromium       | >= 0 < 107.0.5304.68-1                        | 107.0.5304.68-1
debian   | chromium       | < chromium 107.0.5304.68-1 (bookworm)         | chromium 107.0.5304.68-1 (bookworm)
google   | chrome         | < 107.0.5304.62                               | 107.0.5304.62
google   | chrome         | >= unspecified < 107.0.5304.62                | 107.0.5304.62
google   | chrome_chrome  |                                               |
msrc     | microsoft_edge |                                               |

Detection & IOCs (extracted from sources)

  • CVE-2022-3654 is a Use-After-Free in the Layout component of Google Chrome. Exploitation requires a crafted HTML page delivered to the victim, resulting in heap corruption. Detection should focus on Chrome/Edge processes crashing or exhibiting anomalous heap behavior when rendering attacker-controlled HTML.
  • The vulnerability was reported by Sergei Glazunov of Google Project Zero (Chromium bug 1365330). Threat intelligence pivoting on this bug ID may surface proof-of-concept or exploit code.
  • Debian-based systems running Chromium should check for the fixed package version 107.0.5304.68-1 (or the distro-specific backport) across bookworm, bullseye, sid, trixie, and forky.

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v3.1    | 8.8   | HIGH     | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv           |         | 8.8   | HIGH     |
vendor_debian |         | 8.8   | HIGH     |
vendor_msrc   |         | 8.8   | HIGH     |