CVE-2022-3038
CVE-2022-3038
In short
Google Chrome had a flaw where freed memory could be used again, allowing attackers to corrupt data on your computer through a malicious webpage.
Technical detail
Use-after-free vulnerability in Chrome's Network Service prior to version 105.0.5195.52 enables heap corruption exploitation via crafted HTML. Remote attack vector requires user interaction (visiting malicious page); impact includes potential code execution or information disclosure through heap memory manipulation.
Summary generated and translated by AI from the official description.
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chromepublic PoCs found — 1
cve_referencepacketstormsecurity.com/files/168596/Google-Chrome-103.0.5060.53-network-URLLoader-NotifyCompleted-Heap-Use-After-Free.htmlunverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/168596/Google-Chrome-103.0.5060.53-network-URLLoader-NotifyCompleted-Heap-Use-After-Free.htmlhttps://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.htmlhttps://crbug.com/1340253https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/https://security.gentoo.org/glsa/202209-23https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3038