Vulnerability Data

by Reconmap

CVE-2022-2613

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

Published at
2022-08-12T20:15Z
484 days ago
Modified
2022-10-27T18:50Z
408 days ago
CWE-416
Problem type

Impact

CVSS v3 vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Severity Score Vector

8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References


URLType
chromereleases.googleblog.com
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html		MISC
crbug.com
https://crbug.com/1325256		MISC
GLSA-202208-35
https://security.gentoo.org/glsa/202208-35		GENTOO
FEDORA-2022-3f28aa88cf
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/		FEDORA

GET https://vulnerabilitydata.com/api/details/CVE-2022-2613

{
	"id": "CVE-2022-2613",
	"published_date": "2022-08-12T20:15Z",
	"last_modified_date": "2022-10-27T18:50Z",
	"assigner": "chrome-cve-admin@google.com",
	"description": "Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.",
	"references": [
		{
			"url": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html",
			"name": "https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html",
			"refsource": "MISC",
			"tags": [
				"Vendor Advisory"
			]
		},
		{
			"url": "https://crbug.com/1325256",
			"name": "https://crbug.com/1325256",
			"refsource": "MISC",
			"tags": [
				"Issue Tracking",
				"Permissions Required",
				"Vendor Advisory"
			]
		},
		{
			"url": "https://security.gentoo.org/glsa/202208-35",
			"name": "GLSA-202208-35",
			"refsource": "GENTOO",
			"tags": [
				"Third Party Advisory"
			]
		},
		{
			"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/",
			"name": "FEDORA-2022-3f28aa88cf",
			"refsource": "FEDORA",
			"tags": [
				"Mailing List",
				"Third Party Advisory"
			]
		}
	],
	"impact": {
		"baseMetricV3": {
			"cvssV3": {
				"version": "3.1",
				"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
				"attackVector": "NETWORK",
				"attackComplexity": "LOW",
				"privilegesRequired": "NONE",
				"userInteraction": "REQUIRED",
				"scope": "UNCHANGED",
				"confidentialityImpact": "HIGH",
				"integrityImpact": "HIGH",
				"availabilityImpact": "HIGH",
				"baseScore": 8.8,
				"baseSeverity": "HIGH"
			},
			"exploitabilityScore": 2.8,
			"impactScore": 5.9
		}
	},
	"problem_type": "CWE-416"
}