Lucene search

K
ubuntucveUbuntu.comUB:CVE-2022-3890
HistoryNov 09, 2022 - 12:00 a.m.

CVE-2022-3890

2022-11-0900:00:00
ubuntu.com
ubuntu.com
14
cve-2022-3890
crashpad
google chrome
android
sandbox escape
html
chromium
ubuntu
debian
snap

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

57.4%

Heap buffer overflow in Crashpad in Google Chrome on Android prior to
107.0.5304.106 allowed a remote attacker who had compromised the renderer
process to potentially perform a sandbox escape via a crafted HTML page.
(Chromium security severity: High)

Notes

Author Note
alexmurray The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchchromium-browser< 108.0.5359.71-0ubuntu0.18.04.5UNKNOWN

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS

0.002

Percentile

57.4%