CVE-2022-0469

Description

Use after free in Cast in Google Chrome prior to 98.0.4758.80 allowed a remote attacker who convinced a user to engage in specific interactions to potentially exploit heap corruption via a crafted HTML page.

Risk Information

Base Score

8.8

MODERATE

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

Exploitation Probability

0.191

Associated Vulnerability

Vulnerability	OS Platform
Multiple vulnerabilities fixed in Google Chrome (98.0.4758.80)	Windows
Multiple vulnerabilities fixed in Google Chrome (x64) (98.0.4758.80)	Windows
Multiple vulnerabilities fixed in Microsoft Edge for chromium business (x64) (98.0.1108.43)	Windows
Multiple vulnerabilities fixed in Microsoft Edge for chromium business (98.0.1108.43)	Windows
Multiple vulnerabilities are fixed in Google Chrome For Mac 98.0.4758.80	Mac
Multiple vulnerabilities are fixed in Google Chrome for Mac 98.0.4758.82	Mac
Multiple vulnerabilities Affected in Chrome for Centos 98.0.4758.81	Linux
Multiple vulnerabilities Affected in Chrome for Debian 98.0.4758.81	Linux
Multiple vulnerabilities Affected in Chrome for RedHat 98.0.4758.81	Linux
Multiple vulnerabilities Affected in Chrome for Suse 98.0.4758.81	Linux
Multiple vulnerabilities Affected in Chrome for Ubuntu 98.0.4758.81	Linux
chromium security update(DSA-5068-1) chromium_98.0.4758.80-1~deb11u1_amd64.deb	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-323436	Google Chrome (98.0.4758.80/81/82)
PATCH-323437	Google Chrome (x64) (98.0.4758.80/81/82)
PATCH-109332	Microsoft Edge for chromium business (99.0.1150.30) (x64)
PATCH-109333	Microsoft Edge for chromium business (99.0.1150.30) (x86)
PATCH-609673	Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)
PATCH-611995	Google Chrome for Mac (140.0.7339.132 , 140.0.7339.133)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234