PT-2022-6369 · Google+2 · Google Chrome+4

Published

2022-08-02

Updated

2024-10-22

CVE-2022-2743

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 104.0.5112.79 Lacros versions prior to 104.0.5112.79

Description The issue is caused by an integer overflow in the Window Manager of Google Chrome on Chrome OS and Lacros. This allows a remote attacker, who convinces a user to engage in specific UI interactions, to perform an out of bounds memory write via crafted UI interactions. The attacker could potentially impact the confidentiality, integrity, and availability of protected information.

Recommendations For Google Chrome versions prior to 104.0.5112.79, update to version 104.0.5112.79 or later. For Lacros versions prior to 104.0.5112.79, update to version 104.0.5112.79 or later.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALT-PU-2022-2564

ALT-PU-2022-2611

ALT-PU-2022-2835

ALT-PU-2023-1462

BDU:2023-01060

CVE-2022-2743

DSA-5201-1

Affected Products

Alt Linux

Astra Linux

Chrome Os

Google Chrome

Lacros

PT-2022-6369 · Google+2 · Google Chrome+4

CVE-2022-2743

Weakness Enumeration

Related Identifiers

Affected Products

References · 13