PT-2022-5325 · Google+3 · Google Chrome+3

Narendra Bhati · Published 2022-09-30 · Updated 2024-10-29 · CVE-2022-3447

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 106.0.5249.119

Description

The issue is related to the use of memory after it has been freed, which can be exploited by a remote attacker to execute arbitrary code. In Google Chrome on Android, an inappropriate implementation in Custom Tabs allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Recommendations

For versions prior to 106.0.5249.119, update to version 106.0.5249.119 or later to resolve the issue. As a temporary workaround, consider restricting access to Custom Tabs until a patch is applied. Avoid using crafted HTML pages that could exploit this issue in the affected API endpoints.

Exploit

Fix

Out of bounds Read

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2840
ALT-PU-2022-2905
ALT-PU-2022-2959
ALT-PU-2023-1462
BDU:2022-06630
CVE-2022-3447
DSA-5253-1
MGASA-2022-0376
OPENSUSE-SU-2022:10146-1
OPENSUSE-SU-2022:10151-1
OPENSUSE-SU-2022:10181-1
OPENSUSE-SU-2022:10182-1
OPENSUSE-SU-2022_10181-1
OPENSUSE-SU-2022_10182-1
OPENSUSE-SU-2023:0115-1
OPENSUSE-SU-2023_0115-1
OPENSUSE-SU-2024:12404-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Suse