Search for vulnerabilities
Vulnerability details: VCID-hc2v-qx8h-aaaj
Vulnerability ID VCID-hc2v-qx8h-aaaj
Aliases CVE-2022-3654
Summary Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-416 Use After Free
System Score Found at
ssvc Track http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00304 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00338 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00338 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00339 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.00339 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.2423 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
epss 0.32987 https://api.first.org/data/v1/epss?cve=CVE-2022-3654
ssvc Track https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
ssvc Track https://crbug.com/1365330
cvssv3 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3654
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-3654
Reference id Reference type URL
http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html
https://api.first.org/data/v1/epss?cve=CVE-2022-3654
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
https://crbug.com/1365330
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3661
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4908
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4909
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4910
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
CVE-2022-3654 https://nvd.nist.gov/vuln/detail/CVE-2022-3654
No exploits are available.
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T16:16:03Z/ Found at http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T16:16:03Z/ Found at https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-12T16:16:03Z/ Found at https://crbug.com/1365330
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3654
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-3654
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.70216
EPSS Score 0.00304
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.