Search for vulnerabilities
Vulnerability details: VCID-etk6-2nqt-aaaf
Vulnerability ID VCID-etk6-2nqt-aaaf
Aliases CVE-2022-3038
Summary Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Status Published
Exploitability 2.0
Weighted Severity 7.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
epss 0.21333 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.21333 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.21333 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.23290 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.26041 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.31022 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79173 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79173 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79173 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79173 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79173 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79173 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79413 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79413 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79413 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.79413 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80268 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.80492 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
epss 0.81086 https://api.first.org/data/v1/epss?cve=CVE-2022-3038
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3038
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3038
Reference id Reference type URL
http://packetstormsecurity.com/files/168596/Google-Chrome-103.0.5060.53-network-URLLoader-NotifyCompleted-Heap-Use-After-Free.html
https://api.first.org/data/v1/epss?cve=CVE-2022-3038
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
https://crbug.com/1340253
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3039
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3040
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3041
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3042
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3043
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3051
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3053
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3054
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3057
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3058
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3071
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4912
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4913
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
https://security.gentoo.org/glsa/202209-23
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-3038 https://nvd.nist.gov/vuln/detail/CVE-2022-3038
Data source KEV
Date added March 30, 2023
Description Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date April 20, 2023
Note 
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-3038
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3038
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3038
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.96424
EPSS Score 0.21333
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.