CVE-2022-4916 — Use After Free in Google Chrome

CWE-416 — Use After Free5 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.7%

top 27.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium

Timeline

PublishedJul 29

Latest updateApr 29

Description

Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome103.0.5060.53 — 103.0.5060.53

▶NVDgoogle/chrome< 103.0.5060.53

▶debiandebian/chromium< chromium 103.0.5060.53-1 (bookworm)

▶Debianchromium/chromium< 103.0.5060.53-1~deb11u1+3

🔴Vulnerability Details

OSV

CVE-2022-4916: Use after free in Media in Google Chrome prior to 103↗2023-07-29

▶

GHSA

GHSA-chhg-fvc6-qv3x: Use after free in Media in Google Chrome prior to 103↗2023-07-29

▶

📋Vendor Advisories

Debian

CVE-2022-4916: chromium - Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote...↗2022

▶

💬Community

Bugzilla

CVE-2022-48666 kernel: scsi: core: Fix a use-after-free↗2024-04-29

▶