PT-2022-5329 · Google+3 · Google Chrome+3

Sehwa · Published 2022-10-25 · Updated 2026-01-09 · CVE-2022-3653

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 107.0.5304.62
Chromium versions prior to 107.0.5304.62
Yandex Browser versions prior to 23.1.2.1033-alt1
Chromium-Gost versions prior to 107.0.5304.87-alt1
Chromium-Gost versions prior to 110.0.5481.177-alt1.p10.1
Chromium versions 107.0.5304.68-1~deb11u1
Ungoogled-Chromium versions prior to 113.0.5672.92-1.1
Chromedriver versions prior to 107.0.5304.87-1.1

Description

A heap buffer overflow exists in the Vulkan component of Google Chrome, Chromium, Yandex Browser, Chromium-Gost, and related projects. This issue could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page. The vulnerability affects the dynamic memory allocation within the Vulkan rendering mode. Exploitation may allow a remote attacker to execute arbitrary code.

Recommendations

Google Chrome versions prior to 107.0.5304.62: Upgrade to version 107.0.5304.62 or later.
Chromium versions prior to 107.0.5304.62: Upgrade to version 107.0.5304.62 or later.
Yandex Browser versions prior to 23.1.2.1033-alt1: Upgrade to version 23.1.2.1033-alt1 or later.
Chromium-Gost versions prior to 107.0.5304.87-alt1: Upgrade to version 107.0.5304.87-alt1 or later.
Chromium-Gost versions prior to 110.0.5481.177-alt1.p10.1: Upgrade to version 110.0.5481.177-alt1.p10.1 or later.
Chromium versions prior to 107.0.5304.68-1~deb11u1: Upgrade to version 107.0.5304.68-1~deb11u1 or later.
Ungoogled-Chromium versions prior to 113.0.5672.92-1.1: Upgrade to version 113.0.5672.92-1.1 or later.
Chromedriver versions prior to 107.0.5304.87-1.1: Upgrade to version 107.0.5304.87-1.1 or later.

Fix

RCE

Memory Corruption

Heap Based Buffer Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2022-3011
ALT-PU-2022-3104
ALT-PU-2022-3318
ALT-PU-2023-1462
ALT-PU-2023-1524
ALT-PU-2023-1572
BDU:2022-06634
CVE-2022-3653
DSA-5261-1
MGASA-2022-0419
OPENSUSE-SU-2022:10177-1
OPENSUSE-SU-2022:10180-1
OPENSUSE-SU-2024:12460-1
OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux
Astra Linux
Google Chrome
Edge