CVE-2022-3658
Debian Security Advisory 5261-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
El use after free en el servicio de comentarios en Chrome OS en Google Chrome en Chrome OS anterior a 107.0.5304.62 permitió a un atacante convencer a un usuario de instalar una extensión maliciosa para explotar potencialmente la corrupción del montón a través de una interacción de interfaz de usuario específica. (Severidad de seguridad de Chromium: media)
Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2022-10-21 CVE Reserved
- 2022-10-27 CVE Published
- 2024-11-12 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html | 2022-12-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 107.0.5304.62 Search vendor "Google" for product "Chrome" and version " < 107.0.5304.62" | - |
Affected
| in | Google Search vendor "Google" | Chrome Os Search vendor "Google" for product "Chrome Os" | - | - |
Safe
|