Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
References
Link | Resource |
---|---|
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html | Release Notes Vendor Advisory |
https://crbug.com/1392715 | Permissions Required |
https://security.gentoo.org/glsa/202305-10 |
Configurations
History
03 May 2023, 12:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Nov 2022, 17:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:* cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:* |
|
First Time |
Microsoft
Microsoft edge Chromium Microsoft edge |
28 Nov 2022, 14:44
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
First Time |
Google chrome
|
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.6 |
CWE | CWE-787 | |
References | (MISC) https://crbug.com/1392715 - Permissions Required | |
References | (MISC) https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html - Release Notes, Vendor Advisory |
25 Nov 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-25 01:15
Updated : 2024-02-15 02:00
NVD link : CVE-2022-4135
Mitre link : CVE-2022-4135
CVE.ORG link : CVE-2022-4135
JSON object : View
Products Affected
microsoft
- edge
- edge_chromium
- chrome
CWE
CWE-787
Out-of-bounds Write