CVE-2022-2607: Use after free in Tab Strip

Reference Links

• https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html (Advisory)
• https://crbug.com/1286203
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/

Parent vulnerabilities

(Appears in the following advisories)

• 849835485002254358

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2022-2603
• CVE-2022-2604
• CVE-2022-2605
• CVE-2022-2606
• CVE-2022-2608
• CVE-2022-2609
• CVE-2022-2742
• CVE-2022-2743
• CVE-2022-2610
• CVE-2022-2611
• CVE-2022-2612
• CVE-2022-2613
• CVE-2022-2614
• CVE-2022-4914
• CVE-2022-2615
• CVE-2022-2616
• CVE-2022-2617
• CVE-2022-2618
• CVE-2022-2619
• CVE-2022-2620
• CVE-2022-2621
• CVE-2022-2622
• CVE-2022-2623
• CVE-2022-2624

Frequently Asked Questions

• What is CVE-2022-2607?

  CVE-2022-2607 is a vulnerability that allows a remote attacker to potentially exploit heap corruption in the Tab Strip feature of Google Chrome on Chrome OS.

• How severe is CVE-2022-2607?

  CVE-2022-2607 has a severity rating of 8.8 (high).

• What software versions are affected by CVE-2022-2607?

  Google Chrome on Chrome OS versions prior to 104.0.5112.79 are affected.

• How can CVE-2022-2607 be exploited?

  CVE-2022-2607 can be exploited by convincing a user to engage in specific user interactions.

• Where can I find more information about CVE-2022-2607?

  You can find more information about CVE-2022-2607 in the references provided: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html, https://crbug.com/1286203, https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/