Lucene search

Ubuntu.comUB:CVE-2022-2743

HistoryJan 02, 2023 - 12:00 a.m.

CVE-2022-2743

2023-01-0200:00:00

ubuntu.com

integer overflow

google chrome

window manager

out of bounds memory write

chrome os

lacros

remote attacker

ui interactions

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.2%

JSON

Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros
prior to 104.0.5112.79 allowed a remote attacker who convinced a user to
engage in specific UI interactions to perform an out of bounds memory write
via crafted UI interactions. (Chrome security severity: High)

Notes

Author	Note
alexmurray	The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur	starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchchromium-browser< 104.0.5112.101-0ubuntu0.18.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	chromium-browser	< 104.0.5112.101-0ubuntu0.18.04.1	UNKNOWN

References

chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html

crbug.com/1316960

launchpad.net/bugs/cve/CVE-2022-2743

nvd.nist.gov/vuln/detail/CVE-2022-2743

security-tracker.debian.org/tracker/CVE-2022-2743

www.cve.org/CVERecord?id=CVE-2022-2743

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

45.2%

JSON

Related for UB:CVE-2022-2743