CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
97.2%
Chrome Releases reports:
This release contains 24 security fixes, including:
[1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28
[1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11
[1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03
[1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20
[1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22
[1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16
[1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12
[1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis <[email protected]> on 2022-06-26
[1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21
[1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07
[1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06
[1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17
[1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17
[1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18
[1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21
[1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08
[1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24
[1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11
[1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26
[1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16
[1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20