CVE-2022-0605
Debian Security Advisory 5079-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
Un uso de memoria previamente liberada en Webstore API en Google Chrome versiones anteriores a 98.0.4758.102, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa y lo convenciera de participar en una interacción específica con el usuario, explotar potencialmente una corrupción de la pila por medio de una página HTML diseñada
Multiple vulnerabilities have been found in Chromium and Google Chrome, the worst of which could result in the arbitrary execution of code. Versions less than 98.0.4758.102 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-02-14 CVE Reserved
- 2022-02-21 CVE Published
- 2024-08-02 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html | 2022-04-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 98.0.4758.102 Search vendor "Google" for product "Chrome" and version " < 98.0.4758.102" | - |
Affected
| ||||||