CVE-2022-1635
Gentoo Linux Security Advisory 202208-25
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use after free in Permission Prompts in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interactions.
Un uso de memoria previamente liberada en Permission Prompts en Google Chrome versiones anteriores a 101.0.4951.64, permitía a un atacante remoto que convencía a un usuario de participar en interacciones específicas de la interfaz de usuario explotar potencialmente la corrupción de la pila por medio de interacciones específicas del usuario.
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 5.15.5_p20220618>= are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-05-09 CVE Reserved
- 2022-05-28 CVE Published
- 2024-08-03 CVE Updated
- 2025-04-20 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html | 2022-10-26 | |
| https://security.gentoo.org/glsa/202208-25 | 2022-10-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 101.0.4951.64 Search vendor "Google" for product "Chrome" and version " < 101.0.4951.64" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Safe
|