CVE-2022-4135
Google Chromium GPU Heap Buffer Overflow Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
YesDecision
Descriptions
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
El desbordamiento del búfer de montón en GPU en Google Chrome anterior a 107.0.5304.121 permitió a un atacante remoto que había comprometido el proceso de renderizado realizar potencialmente un escape de la zona de pruebas a través de una página HTML manipulada. (Severidad de seguridad de Chrome: alta)
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-11-24 CVE Reserved
- 2022-11-25 CVE Published
- 2022-11-28 Exploited in Wild
- 2022-12-19 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-11-21 EPSS Updated
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://crbug.com/1392715 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html | 2024-06-28 | |
https://security.gentoo.org/glsa/202305-10 | 2024-06-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 107.0.5304.121 Search vendor "Google" for product "Chrome" and version " < 107.0.5304.121" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Edge Search vendor "Microsoft" for product "Edge" | < 107.0.1418.62 Search vendor "Microsoft" for product "Edge" and version " < 107.0.1418.62" | - |
Affected
| ||||||
Microsoft Search vendor "Microsoft" | Edge Chromium Search vendor "Microsoft" for product "Edge Chromium" | < 107.0.5304.150 Search vendor "Microsoft" for product "Edge Chromium" and version " < 107.0.5304.150" | - |
Affected
|