Lucene search

Ubuntu.comUB:CVE-2022-3863

HistoryJan 02, 2023 - 12:00 a.m.

CVE-2022-3863

2023-01-0200:00:00

ubuntu.com

google chrome

use after free

vulnerability

remote attacker

heap corruption

crafted html page

security severity

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.1%

JSON

Use after free in Browser History in Google Chrome prior to 100.0.4896.75
allowed a remote attacker to potentially exploit heap corruption via a
crafted HTML page. (Chrome security severity: High)

Notes

Author	Note
alexmurray	The Debian chromium source package is called chromium-browser in Ubuntu
mdeslaur	starting with Ubuntu 19.10, the chromium-browser package is just a script that installs the Chromium snap

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchchromium-browser< 100.0.4896.127-0ubuntu0.18.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	chromium-browser	< 100.0.4896.127-0ubuntu0.18.04.1	UNKNOWN

References

chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html

crbug.com/1306507

launchpad.net/bugs/cve/CVE-2022-3863

nvd.nist.gov/vuln/detail/CVE-2022-3863

security-tracker.debian.org/tracker/CVE-2022-3863

www.cve.org/CVERecord?id=CVE-2022-3863

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

43.1%

JSON

Related for UB:CVE-2022-3863