⚠ Actively exploited
Added to CISA KEV on 2022-11-28. Federal agencies required to patch by 2022-12-19. Required action: Apply updates per vendor instructions..
CVE-2022-4135 — Out-of-bounds Write in Google Chrome
Severity
9.6CRITICALNVD
EPSS
0.1%
top 72.97%
CISA KEV
KEV
Added 2022-11-28
Due 2022-12-19
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedNov 25
KEV addedNov 28
Latest updateDec 14
KEV dueDec 19
CISA Required Action: Apply updates per vendor instructions.
Description
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0
Affected Packages6 packages
🔴Vulnerability Details
6📋Vendor Advisories
4Debian▶
CVE-2022-4135: chromium - Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a r...↗2022