CVE-2022-2295: Type Confusion in V8

Q: What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2022-2295.

Q: What is the severity of CVE-2022-2295?

The severity of CVE-2022-2295 is high.

Q: How does the vulnerability CVE-2022-2295 occur?

The vulnerability CVE-2022-2295 occurs due to type confusion in V8 in Google Chrome.

Q: How can an attacker potentially exploit CVE-2022-2295?

An attacker can potentially exploit CVE-2022-2295 by using a crafted HTML page to cause heap corruption.

Q: How can I fix the vulnerability CVE-2022-2295?

To fix the vulnerability CVE-2022-2295, update Google Chrome to version 103.0.5060.114 or later.

Published Jun 16, 2022

Updated

Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Credit

avaue, Buff3tts at S.S.L.

Affected Software

5 affected componentsFixes available

Google Chrome<103.0.5060.114

103.0.5060.114

Google Chrome<103.0.5060.114

Fedora EPEL=8.0

fedoraproject fedora=35

fedoraproject fedora=36

Event History

Jun 16, 2022

CVE Published

12:00 AM

Jul 28, 2022

CVE Published

via MITRE·01:00 AM

Data Sourced

via MITRE·01:00 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

5089288012050676645

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2022-2295.

What is the severity of CVE-2022-2295?

The severity of CVE-2022-2295 is high.

How does the vulnerability CVE-2022-2295 occur?