CVE-2022-2296: Use after free in Chrome OS Shell

Q: What is CVE-2022-2296?

CVE-2022-2296 is a vulnerability that allows a remote attacker to potentially exploit heap corruption in Google Chrome on Chrome OS prior to version 103.0.5060.114.

Q: How severe is CVE-2022-2296?

CVE-2022-2296 has a severity rating of 8.8 (high).

Q: What is the affected software for CVE-2022-2296?

The affected software for CVE-2022-2296 includes Google Chrome on Chrome OS prior to version 103.0.5060.114.

Q: How can I fix CVE-2022-2296?

To fix CVE-2022-2296, update Google Chrome on Chrome OS to version 103.0.5060.114 or higher.

Q: Where can I find more information about CVE-2022-2296?

You can find more information about CVE-2022-2296 in the references section of the vulnerability report.

Published May 19, 2022

Updated

Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.

Credit

Khalil Zhani

Affected Software

6 affected componentsFixes available

Google Chrome<103.0.5060.114

103.0.5060.114

Google Chrome<103.0.5060.114

Google Chrome OS

Fedora EPEL=8.0

fedoraproject fedora=35

fedoraproject fedora=36

Event History

May 19, 2022

CVE Published

12:00 AM

Jul 28, 2022

CVE Published

via MITRE·01:01 AM

Data Sourced

via MITRE·01:01 AM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

5089288012050676645

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is CVE-2022-2296?

CVE-2022-2296 is a vulnerability that allows a remote attacker to potentially exploit heap corruption in Google Chrome on Chrome OS prior to version 103.0.5060.114.

How severe is CVE-2022-2296?

CVE-2022-2296 has a severity rating of 8.8 (high).

What is the affected software for CVE-2022-2296?