CVE-2022-3075
CVE-2022-3075
In short
A flaw in Google Chrome's Mojo system allowed attackers who compromised the browser's renderer to escape the security sandbox and access the full system. This is dangerous because the sandbox normally blocks malicious code from doing serious damage.
Technical detail
Insufficient input validation in Mojo before Chrome 105.0.5195.102 enabled sandbox escape when an attacker with renderer process compromise could craft a malicious HTML page to trigger the vulnerability. Attack requires prior renderer compromise; impact is critical as it breaks the isolation boundary protecting the system from browser-based exploits.
Summary generated and translated by AI from the official description.
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected products
Google · ChromeWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.htmlhttps://crbug.com/1358134https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/https://security.gentoo.org/glsa/202209-23https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3075