Vulnerability Details CVE-2022-3890
Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.5%
CVSS Severity
CVSS v3 Score 9.6
References
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1380083
- https://www.debian.org/security/2022/dsa-5275
- https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html
- https://crbug.com/1380083
- https://www.debian.org/security/2022/dsa-5275
Products affected by CVE-2022-3890
-
cpe:2.3:a:google:chrome:38.0.2125.101
-
cpe:2.3:a:google:chrome:40.0.2214.109
-
cpe:2.3:a:google:chrome:40.0.2214.89
-
cpe:2.3:a:google:chrome:42.0.2311.107
-
cpe:2.3:a:google:chrome:54.0.2840.68
-
cpe:2.3:a:google:chrome:83.0.4103.106
-
cpe:2.3:o:debian:debian_linux:11.0