Lucene search

Ubuntu.comUB:CVE-2022-2742

HistoryJan 02, 2023 - 12:00 a.m.

CVE-2022-2742

2023-01-0200:00:00

ubuntu.com

google chrome

exosphere

use after free

chrome os

lacros

heap corruption

remote attacker

ui interactions

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.019 Low

EPSS

Percentile

88.4%

JSON

Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior
to 104.0.5112.79 allowed a remote attacker who convinced a user to engage
in specific UI interactions to potentially exploit heap corruption via
crafted UI interactions. (Chrome security severity: High)

Notes

Author	Note
alexmurray	The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur	starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchchromium-browser< 104.0.5112.101-0ubuntu0.18.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	chromium-browser	< 104.0.5112.101-0ubuntu0.18.04.1	UNKNOWN

References

chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html

crbug.com/1319172

launchpad.net/bugs/cve/CVE-2022-2742

nvd.nist.gov/vuln/detail/CVE-2022-2742

security-tracker.debian.org/tracker/CVE-2022-2742

www.cve.org/CVERecord?id=CVE-2022-2742

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.019 Low

EPSS

Percentile

88.4%

JSON

Related for UB:CVE-2022-2742