CVE-2022-1641

CVE-2022-1641

Name

CVE-2022-1641

Description

Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://crbug.com/1305068
MISC	https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html
Third Party Advisory	https://security.gentoo.org/glsa/202208-25

Type

URI

MISC

https://crbug.com/1305068

MISC

https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html

Third Party Advisory

https://security.gentoo.org/glsa/202208-25

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
chromium	edge-community	101.0.4951.64-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
chromium	3.22-community	101.0.4951.64-r0	None	fixed
chromium	3.21-community	101.0.4951.64-r0	None	fixed
chromium	3.20-community	101.0.4951.64-r0	None	fixed
chromium	3.19-community	101.0.4951.64-r0	None	fixed
chromium	3.18-community	101.0.4951.64-r0	None	fixed
chromium	3.17-community	101.0.4951.64-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

chromium

edge-community

101.0.4951.64-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

chromium

3.22-community