PT-2022-6787 · Google+1 · Google Chrome+1
Published
2022-11-29
·
Updated
2023-12-28
·
CVE-2022-4907
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 108.0.5359.71
Description
The issue is related to an uninitialized use in FFmpeg within Google Chrome, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This is due to incorrect code generation management in the multimedia library. The severity of this issue is classified as Medium by Chromium security.
Recommendations
For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. As a temporary workaround, consider restricting the use of FFmpeg in Google Chrome until a patch is applied.
Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Google Chrome