CVE-2022-4135
CRITICAL9.6⚠ KEVEPSS 0.08%Heap buffer overflow in GPU
Published: 11/25/2022Modified: 4/28/2026Added to CISA KEV: 11/28/2022
Description
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Affected packages (3)
- Debian/chromiumfrom 0, < 107.0.5304.121-1~deb11u1
- Debian/chromiumfrom 0, < 107.0.5304.121-1~deb11u1
- npm/electron>= 19.0.0, < 19.1.8
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
References (7)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-4135
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-4135
- WEBhttps://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
- WEBhttps://crbug.com/1392715
- WEBhttps://github.com/electron/electron/pull/36444
- WEBhttps://github.com/electron/electron/pull/36447
- WEBhttps://security.gentoo.org/glsa/202305-10