CVE-2022-1860
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.
Un uso de memoria previamente liberada en UI Foundations en Google Chrome en Chrome OS versiones anteriores a 102.0.5005.61, permitía que un atacante remoto que convenciera a un usuario de participar en una interacción de usuario específica explotar potencialmente una corrupción de la pila por medio de interacciones específicas con el usuario
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2022-05-24 CVE Reserved
- 2022-05-28 CVE Published
- 2024-08-03 CVE Updated
- 2024-09-19 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html | 2022-10-26 | |
| https://security.gentoo.org/glsa/202208-25 | 2022-10-26 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 102.0.5005.61 Search vendor "Google" for product "Chrome" and version " < 102.0.5005.61" | - |
Affected
| ||||||