CVE-2022-1865

CVE-2022-1865

Name

CVE-2022-1865

Description

Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
MISC	https://crbug.com/1289192
Third Party Advisory	https://security.gentoo.org/glsa/202208-25

Type

URI

MISC

https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html

MISC

https://crbug.com/1289192

Third Party Advisory

https://security.gentoo.org/glsa/202208-25

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:google:chrome::::::::`	chrome	>= None	< 102.0.5005.61

CPE URI

Source package

Min version

Max version

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

chrome

>= None

< 102.0.5005.61

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
chromium	edge-community	102.0.5005.61-r0	Natanael Copa <ncopa@alpinelinux.org>	fixed
chromium	3.22-community	102.0.5005.61-r0	None	fixed
chromium	3.21-community	102.0.5005.61-r0	None	fixed
chromium	3.20-community	102.0.5005.61-r0	None	fixed
chromium	3.19-community	102.0.5005.61-r0	None	fixed
chromium	3.18-community	102.0.5005.61-r0	None	fixed
chromium	3.17-community	102.0.5005.61-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

chromium

edge-community

102.0.5005.61-r0

Natanael Copa <ncopa@alpinelinux.org>

fixed

chromium

3.22-community