CVE-2022-3659: Use after free in Accessibility
First published: Tue Aug 23 2022(Updated: )
Use after free in Accessibility in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: Medium)
Credit: chrome-cve-admin@google.com @ginggilBesel
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <107.0.5304.62 | |
| Google Chrome OS | ||
| Google Chrome | <107.0.5304.62 | 107.0.5304.62 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-3659.
What is the severity level of CVE-2022-3659?
The severity level of CVE-2022-3659 is high (8.8 out of 10).
What is the affected software for CVE-2022-3659?
The affected software for CVE-2022-3659 is Google Chrome on Chrome OS prior to version 107.0.5304.62.
How can an attacker exploit CVE-2022-3659?
An attacker can exploit CVE-2022-3659 by convincing a user to engage in specific UI interactions, potentially leading to heap corruption.
How can CVE-2022-3659 be fixed?
CVE-2022-3659 can be fixed by updating Google Chrome on Chrome OS to version 107.0.5304.62 or later.
- agent/references
- agent/type
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/title
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/first-publish-date
- agent/event
- collector/chrome-releases
- agent/software-canonical-lookup
- vendor/google
- canonical/google chrome
- canonical/google chrome os