Published: 26/09/2022 Updated: 27/09/2022

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

Use after free in Browser Creation in Google Chrome before 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome

LTS-96 has been updated in the LTS channel to 9604664219 (Platform Version: 142681040) for most ChromeOS devices Want to know more about Long-term Support? Click here This update includes the following Security fixes:1338135 High CVE-2022-2857 Use after free in Blink1329794 High CVE-2022-2998&nbsp ...

A new LTS Candidate, LTC- 10205005177 (Platform Version: 146951280),  is rolling out for most ChromeOS devices Release notes for LTC-102 can be found here Want to know more about Long-term Support? Click here This update includes the following Security fixes:1327087HighCVE-2022-2296Use after free in C ...

CVE-2022-2998 Use after free in Browser Creation in Google Chrome prior to 10405112101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page authentication complexity vector not available not available not available confidentiality integrity availability not a

CWE-416 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html https://crbug.com/1329794 https://github.com/Live-Hack-CVE/CVE-2022-2998 https://nvd.nist.gov https://chromereleases.googleblog.com/2022/08/long-term-support-channel-update-for_31.html

CVE-2022-2998

Vulnerability Summary

Most Upvoted Vulmon Research Post

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect