CVE-2022-4135

CVSS 9.6 CRITICALEPSS 31.9%● KEVCWE-787

In short

A memory overflow flaw in Chrome's GPU component allowed attackers who compromised the browser's renderer to escape the sandbox and gain full system access. This is critical because it enables attackers to break out of Chrome's security isolation.

Technical detail

Heap buffer overflow in the GPU command processing pipeline (CWE-787) in Chrome versions prior to 107.0.5304.121. Requires prior renderer process compromise as precondition; triggered via crafted HTML page. Impacts confidentiality, integrity, and availability through sandbox escape.

Summary generated and translated by AI from the official description.

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected products

Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html https://crbug.com/1392715 https://security.gentoo.org/glsa/202305-10 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-4135