CVE-2022-0115: Uninitialized Use in File API

Q: What is the severity of CVE-2022-0115?

CVE-2022-0115 has been classified as a high severity vulnerability due to the potential for out of bounds memory access.

Q: How do I fix CVE-2022-0115?

To fix CVE-2022-0115, ensure that your Google Chrome or Chromium browser is updated to version 97.0.4692.71 or later.

Q: What versions are affected by CVE-2022-0115?

CVE-2022-0115 affects Google Chrome versions prior to 97.0.4692.71 and various versions of Chromium on Debian systems.

Q: Can CVE-2022-0115 be exploited remotely?

Yes, CVE-2022-0115 can be exploited remotely via a specially crafted HTML page.

Q: Is there a workaround for CVE-2022-0115?

There are no specific workarounds for CVE-2022-0115, the best mitigation is to upgrade to the safe version.

Published Nov 10, 2021

Updated

Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.

Credit

Mark Brand(Google Project Zero)

Affected Software

6 affected componentsFixes available

debian/chromium<=90.0.4430.212-1~deb10u1

116.0.5845.180-1~deb11u1118.0.5993.70-1~deb11u1116.0.5845.180-1~deb12u1118.0.5993.70-1~deb12u1118.0.5993.70-1

Google Chrome<97.0.4692.71

97.0.4692.71

Google Chrome<97.0.4692.71

fedoraproject fedora=34

fedoraproject fedora=35

fedoraproject fedora=36

Remediation

Patch Available

https://crbug.com/1268903

Event History

Nov 10, 2021

CVE Published

12:00 AM

Feb 11, 2022

CVE Published

via MITRE·11:36 PM

Data Sourced

via MITRE·11:36 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

3758141203538733592

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2022-0115?