
CVE-2022-2295

Published: 28/07/2022 Updated: 21/08/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

Vulnerability Summary

Type confusion in V8 in Google Chrome before 103.0.5060.114 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Vulnerable Product

google chrome

fedoraproject extra packages for enterprise linux 8.0

fedoraproject fedora 35

fedoraproject fedora 36

Vendor Advisories

Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure. For the stable distribution (bullseye), these problems have been fixed in version 103.0.5060.114-1~deb11u1. We recommend that you upgrade your chromium packages. For the detailed security status o ...
Hi, everyone! We've just released Chrome 103 (103.0.5060.71) for Android: it'll become available on Google Play over the next few days. This release includes security, stability and performance improvements. You can see a full list of the changes in the Git log. Security Fixes and Rewards. Note: Access to bug details and links may be ...
The Stable channel has been updated to 103.0.5060.114 for Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a great place to r ...

Github Repositories

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity Manager RCE via SSTI PoC for CVE-2022-2295 Usage: usage: CVE-2022-22954-testpy [-h] -m SET_MODE [-i IP] [-c CMD] CVE-2022-22954 - PoC SSTI optional arguments: -h, --help show this help message and exit -m SET_MODE, --mode SET_MODE Available modes: shodan | file | manual -i IP, --ip IP Host IP -c CMD

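FuYao - Go: Soar ninety thousand li on the whirlwind. Join Discord | Report an issue | Vulnerability list. Automated target asset discovery and security vulnerability scanning | Suited to bounty programs, SRC programs, large-scale use and wide-range use | Discovers a website's valid subdomains using passive online sources | Sends requests to targets using custom templates with zero false positives, and can quickly scan a large number of hosts. | Provides TCP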

Recent Articles

Google Patches Actively Exploited Chrome Bug
Threatpost • Elizabeth Montalbano • 05 Jul 2022

While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year.
Chrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in separate blog posts published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the bro...

Chromium's WebRTC zero-day fix arrives in Microsoft Edge
The Register • Richard Speed • 01 Jan 1970

Update addresses heap buffer overflow and type confusion bugs in Google's browser engine

Microsoft has followed Google's lead and issued an update for its Edge browser following the arrival of a WebRTC zero-day.
The Windows giant uses the Chromium engine in its latest browser. As such, when something needs urgent fixing in Chrome, one can expect Edge to follow not far behind. For CVE-2022-2294 and CVE-2022-2295, a new version of Edge has been pushed out, taking the version number in the stable channel to 103.0.1264.49.
Most serious of the duo is CVE-2022-2294, a heap buf...