Search for vulnerabilities
Vulnerability details: VCID-bv14-4aq8-aaab
Vulnerability ID VCID-bv14-4aq8-aaab
Aliases CVE-2022-2296
Summary Use after free in Chrome OS Shell in Google Chrome on Chrome OS prior to 103.0.5060.114 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via direct UI interactions.
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00397 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00496 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00498 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00505 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00505 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00505 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00505 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00529 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
epss 0.00541 https://api.first.org/data/v1/epss?cve=CVE-2022-2296
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2296
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2296
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-2296
https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html
https://crbug.com/1327087
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2294
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2296
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5BQRTR4SIUNIHLLPWTGYSDNQK7DYCRSB/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/H2C4XOJVIILDXTOSMWJXHSQNEXFWSOD7/
https://security.gentoo.org/glsa/202208-35
cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:fedoraproject:extra_packages_for_enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
CVE-2022-2296 https://nvd.nist.gov/vuln/detail/CVE-2022-2296
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2296
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2296
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.57604
EPSS Score 0.00397
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.