Search for vulnerabilities
Vulnerability details: VCID-yy56-deuy-eke1
Vulnerability ID VCID-yy56-deuy-eke1
Aliases CVE-2022-2742
Summary Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)
Status Published
Exploitability 0.5
Weighted Severity 7.9
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
System Score Found at
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
epss 0.00421 https://api.first.org/data/v1/epss?cve=CVE-2022-2742
cvssv3.1 8.8 https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
ssvc Track https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
cvssv3.1 8.8 https://crbug.com/1319172
ssvc Track https://crbug.com/1319172
cvssv3.1 8.8 https://nvd.nist.gov/vuln/detail/CVE-2022-2742
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-2742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2603
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2605
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2606
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2608
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2611
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2612
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2614
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2615
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2616
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2617
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2619
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2742
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4914
1319172 https://crbug.com/1319172
CVE-2022-2742 https://nvd.nist.gov/vuln/detail/CVE-2022-2742
stable-channel-update-for-desktop.html https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T16:18:20Z/ Found at https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1319172
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-22T16:18:20Z/ Found at https://crbug.com/1319172
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2742
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.6116
EPSS Score 0.00421
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:57:06.999431+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2022/2xxx/CVE-2022-2742.json 37.0.0