CVE-2022-2163

2022-07-2802:15:07

CWE-416

Chrome

web.nvd.nist.gov

187

cve-2022-2163

google chrome

security vulnerability

exploit

heap corruption

cast ui

toolbar

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

68.8%

JSON

Use after free in Cast UI and Toolbar in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via UI interaction.

Affected configurations

Nvd

Vulners

Node

googlechromeRange<103.0.5060.134

Node

fedoraprojectextra_packages_for_enterprise_linuxMatch8.0

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
fedoraprojectextra_packages_for_enterprise_linux8.0cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
fedoraproject	extra_packages_for_enterprise_linux	8.0	cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*

CNA Affected

[
  {
    "product": "Chrome",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "103.0.5060.134",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]