PT-2022-4621 · Google+3 · Google Chrome+3

Published

2022-09-02

·

Updated

2025-10-24

·

CVE-2022-3075

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 105.0.5195.102
Description The issue is related to insufficient data validation in Mojo, a set of libraries that provide a platform-independent mechanism for inter-process communication (IPC). This could allow a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The vulnerability is actively being exploited by attackers.
Recommendations For versions prior to 105.0.5195.102, update to version 105.0.5195.102 or later to resolve the issue. As a temporary workaround, consider restricting access to the Mojo library until a patch is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2022-2568
ALT-PU-2022-2611
ALT-PU-2022-2835
ALT-PU-2023-1462
BDU:2022-05499
CVE-2022-3075
DSA-5225-1
MGASA-2022-0318
OPENSUSE-SU-2022:10117-1
OPENSUSE-SU-2022:10118-1
OPENSUSE-SU-2022:10119-1
OPENSUSE-SU-2022:10120-1
OPENSUSE-SU-2022:10121-1
OPENSUSE-SU-2022_10117-1
OPENSUSE-SU-2022_10118-1
OPENSUSE-SU-2022_10121-1
OPENSUSE-SU-2024:12319-1
OPENSUSE-SU-2024:12334-1
OPENSUSE-SU-2024:12590-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Suse