VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-kc2r-aesw-7qg9

Essentials
Severities (21)
References (32)
Severity details (5)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kc2r-aesw-7qg9
Aliases	CVE-2022-2743
Summary	Integer overflow in Window Manager in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to perform an out of bounds memory write via crafted UI interactions. (Chrome security severity: High)
Status	Published
Exploitability	0.5
Weighted Severity	7.9
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
epss	0.00543	https://api.first.org/data/v1/epss?cve=CVE-2022-2743
cvssv3.1	8.8	https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
ssvc	Track	https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
cvssv3.1	8.8	https://crbug.com/1316960
ssvc	Track	https://crbug.com/1316960
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-2743

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-2743
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2603
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2604
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2605
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2606
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2607
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2608
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2609
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2610
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2611
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2612
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2613
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2614
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2615
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2616
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2617
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2618
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2619
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2620
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2621
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2622
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2623
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2624
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2742
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2743
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4914
1316960		https://crbug.com/1316960
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
cpe:2.3:o:google:chrome_os:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:chrome_os:-:::::::*
cpe:2.3:o:google:linux_and_chrome_os:-:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:linux_and_chrome_os:-:::::::*
CVE-2022-2743		https://nvd.nist.gov/vuln/detail/CVE-2022-2743
stable-channel-update-for-desktop.html		https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:37:08Z/ Found at https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1316960

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T15:37:08Z/ Found at https://crbug.com/1316960

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2743

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.66719
EPSS Score	0.00543
Published At	Aug. 6, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:57:10.221951+00:00	Vulnrichment	Import	https://github.com/cisagov/vulnrichment/blob/develop/2022/2xxx/CVE-2022-2743.json	37.0.0