VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-8kjf-2qaq-aaak

Essentials
Severities (99)
References (12)
Severity details (16)
Exploits (1)
EPSS
History (0)

Vulnerability ID	VCID-8kjf-2qaq-aaak
Aliases	CVE-2022-4135 GHSA-995f-9x5r-2rcj
Summary	Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Status	Published
Exploitability	2.0
Weighted Severity	9.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-787	Out-of-bounds Write
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00092	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00115	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00132	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00183	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00196	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.00764	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01373	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01373	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01373	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01461	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01461	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01461	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01461	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01461	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.01461	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.02493	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.02493	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.02620	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.15098	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.15098	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
epss	0.15267	https://api.first.org/data/v1/epss?cve=CVE-2022-4135
cvssv3.1	9.6	https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
generic_textual	CRITICAL	https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
ssvc	Attend	https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
cvssv3.1	9.6	https://crbug.com/1392715
generic_textual	CRITICAL	https://crbug.com/1392715
ssvc	Attend	https://crbug.com/1392715
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-995f-9x5r-2rcj
cvssv3.1	9.6	https://github.com/electron/electron/pull/36444
generic_textual	CRITICAL	https://github.com/electron/electron/pull/36444
cvssv3.1	9.6	https://github.com/electron/electron/pull/36447
generic_textual	CRITICAL	https://github.com/electron/electron/pull/36447
cvssv3	9.6	https://nvd.nist.gov/vuln/detail/CVE-2022-4135
cvssv3.1	9.6	https://nvd.nist.gov/vuln/detail/CVE-2022-4135
cvssv3.1	9.6	https://security.gentoo.org/glsa/202305-10
generic_textual	CRITICAL	https://security.gentoo.org/glsa/202305-10
ssvc	Attend	https://security.gentoo.org/glsa/202305-10

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-4135
		https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
		https://crbug.com/1392715
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4135
		https://github.com/electron/electron/pull/36444
		https://github.com/electron/electron/pull/36447
		https://security.gentoo.org/glsa/202305-10
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:a:microsoft:edge::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:edge::::::::
cpe:2.3:a:microsoft:edge_chromium::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:microsoft:edge_chromium::::::::
CVE-2022-4135		https://nvd.nist.gov/vuln/detail/CVE-2022-4135
GHSA-995f-9x5r-2rcj		https://github.com/advisories/GHSA-995f-9x5r-2rcj

Data source	KEV
Date added	Nov. 28, 2022
Description	Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action	Apply updates per vendor instructions.
Due date	Dec. 19, 2022
Note	https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html; https://nvd.nist.gov/vuln/detail/CVE-2022-4135
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T14:45:12Z/ Found at https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://crbug.com/1392715

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T14:45:12Z/ Found at https://crbug.com/1392715

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/electron/electron/pull/36444

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://github.com/electron/electron/pull/36447

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4135

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4135

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202305-10

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2024-02-15T14:45:12Z/ Found at https://security.gentoo.org/glsa/202305-10

Exploit Prediction Scoring System (EPSS)

Percentile	0.19804
EPSS Score	0.00075
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.