Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-3306
HistoryNov 01, 2022 - 12:00 a.m.

CVE-2022-3306

2022-11-0100:00:00
ubuntu.com
ubuntu.com
25
google chrome
chromeos
use after free
survey
heap corruption
crafted html page
remote attacker
cve-2022-3306
chromium security severity
ubuntu 19.10

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.035

Percentile

91.6%

Use after free in survey in Google Chrome on ChromeOS prior to
106.0.5249.62 allowed a remote attacker to potentially exploit heap
corruption via a crafted HTML page. (Chromium security severity: High)

Notes

Author Note
alexmurray The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchchromium-browser< 107.0.5304.87-0ubuntu11.18.04.1UNKNOWN

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.035

Percentile

91.6%