CVE-2022-3890
Summary
| CVE | CVE-2022-3890 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-11-09 04:15:00 UTC |
|---|
| Updated | 2022-12-08 21:43:00 UTC |
|---|
| Description | Heap buffer overflow in Crashpad in Google Chrome on Android prior to 107.0.5304.106 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| 1380083 -
chromium -
An open-source project to help move the web forward. -
Monorail |
MISC |
crbug.com |
|
| Chrome Releases: Stable Channel Update for Desktop |
MISC |
chromereleases.googleblog.com |
|
| Debian -- Security Information -- DSA-5275-1 chromium |
DEBIAN |
www.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181207 Debian Security Update for chromium (DSA 5275-1)
- 183898 Debian Security Update for chromium (CVE-2022-3890)
- 377749 Google Chrome Prior to 107.0.5304.110 for Mac/Linux and prior to 107.0.5304.106 for Windows Multiple Vulnerabilities
- 377757 Microsoft Edge Based on Chromium Prior to 107.0.1418.42 Multiple Vulnerabilities
- 502601 Alpine Linux Security Update for qt5-qtwebengine
- 502934 Alpine Linux Security Update for qt5-qtwebengine
- 505810 Alpine Linux Security Update for qt5-qtwebengine
- 630861 Google Chrome For Android Out-of-bounds Write Vulnerability
- 690979 Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (6b04476f-601c-11ed-92ce-3065ec8fd3ec)
