PT-2021-6240 · Google+3 · Google Chrome+3

Jonno.5000

Published

2021-12-31

Updated

2024-06-15

CVE-2022-0806

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 99.0.4844.51 Microsoft Edge (affected versions not specified)

Description The issue is related to a component called Canvas in Google Chrome and Microsoft Edge browsers, involving the use of memory after it has been freed. This could allow a remote attacker to disclose protected information. A specific scenario involves a remote attacker convincing a user to engage in screen sharing, potentially leading to the leak of cross-origin data via a crafted HTML page.

Recommendations For Google Chrome versions prior to 99.0.4844.51, update to version 99.0.4844.51 or later. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-416

Related Identifiers

ALT-PU-2022-1431

ALT-PU-2022-1580

ALT-PU-2022-1681

ALT-PU-2022-2055

BDU:2022-01170

CVE-2022-0806

DSA-5089-1

OPENSUSE-SU-2022:0075-1

OPENSUSE-SU-2022:0103-1

OPENSUSE-SU-2022:0110-1

OPENSUSE-SU-2022_0103-1

OPENSUSE-SU-2022_0110-1

OPENSUSE-SU-2024:11890-1

OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux

Google Chrome

Edge

Suse

PT-2021-6240 · Google+3 · Google Chrome+3

CVE-2022-0806

Weakness Enumeration

Related Identifiers

Affected Products

References · 2346