CVE-2022-1493

Name
CVE-2022-1493
Description
Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
NVD Severity
high
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://crbug.com/1275414
MISC https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html
Third Party Advisory https://security.gentoo.org/glsa/202208-25

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* chrome >= None < 101.0.4951.41

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
qt5-qtwebengine edge-community 5.15.3_git20220505-r0 Bart Ribbers <bribbers@disroot.org> fixed
qt5-qtwebengine 3.22-community 5.15.3_git20220505-r0 None fixed
qt5-qtwebengine 3.21-community 5.15.3_git20220505-r0 None fixed
qt5-qtwebengine 3.20-community 5.15.3_git20220505-r0 None fixed
qt5-qtwebengine 3.19-community 5.15.3_git20220505-r0 None fixed
qt5-qtwebengine 3.18-community 5.15.3_git20220505-r0 None fixed
qt5-qtwebengine 3.17-community 5.15.3_git20220505-r0 None fixed
chromium edge-community 101.0.4951.54-r0 Natanael Copa <ncopa@alpinelinux.org> fixed
chromium 3.22-community 101.0.4951.54-r0 None fixed
chromium 3.21-community 101.0.4951.54-r0 None fixed
chromium 3.20-community 101.0.4951.54-r0 None fixed
chromium 3.19-community 101.0.4951.54-r0 None fixed
chromium 3.18-community 101.0.4951.54-r0 None fixed
chromium 3.17-community 101.0.4951.54-r0 None fixed