CVE-2022-3071: Use after free in Tab Strip

Reference Links

• https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html (Advisory)
• https://crbug.com/1333995
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
• https://security.gentoo.org/glsa/202209-23
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/

Parent vulnerabilities

(Appears in the following advisories)

• 6098751293474831349

Peer vulnerabilities

(Found alongside the following vulnerabilities)

• CVE-2022-3038
• CVE-2022-4912
• CVE-2022-3039
• CVE-2022-3040
• CVE-2022-3041
• CVE-2022-3042
• CVE-2022-3043
• CVE-2022-3044
• CVE-2022-3045
• CVE-2022-3046
• CVE-2022-4913
• CVE-2022-3047
• CVE-2022-3048
• CVE-2022-3049
• CVE-2022-3050
• CVE-2022-3051
• CVE-2022-3052
• CVE-2022-3053
• CVE-2022-3054
• CVE-2022-3055
• CVE-2022-3056
• CVE-2022-3057
• CVE-2022-3058

Frequently Asked Questions

• What is the vulnerability ID for the use after free vulnerability in Google Chrome on Chrome OS Lacros?

  The vulnerability ID for the use after free vulnerability in Google Chrome on Chrome OS Lacros is CVE-2022-3071.

• What is the severity of CVE-2022-3071?

  The severity of CVE-2022-3071 is high with a CVSS score of 8.8.

• Which software versions are affected by CVE-2022-3071?

  Google Chrome on Chrome OS, Lacros prior to version 105.0.5195.52 is affected by CVE-2022-3071.

• How can a remote attacker potentially exploit CVE-2022-3071?

  A remote attacker can potentially exploit CVE-2022-3071 by convincing a user to engage in specific UI interactions that lead to heap corruption via crafted UI interaction.

• How can I fix the use after free vulnerability CVE-2022-3071?

  To fix the use after free vulnerability CVE-2022-3071, update Google Chrome on Chrome OS, Lacros to version 105.0.5195.52 or later.