Exploitation of CVE-2022-3038 in Google Chrome

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-3038 to their Known Exploited Vulnerabilities Catalog

Threat ID:: CC-4294
Threat Severity:: Information only
Published:: 3 April 2023 1:34 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2022-3038 to their Known Exploited Vulnerabilities Catalog

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 105.0.5195.52 for Mac and Linux, all prior to 105.0.5195.52/.53/.54 for Windows

Google Chrome for Windows, macOS and Linux

Threat details

Introduction

Google released a security update to address a High severity use-after-free vulnerability tracked as CVE-2022-3038 in August 2022. This vulnerability affects Google for Windows, Mac, and Linux, and has a CVSSv3 score of 8.8. A remote attacker could exploit this heap corruption vulnerability via a crafted HTML page. The US Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to their Known Exploited Vulnerability Catalog in March 2023.

Exploitation in the wild for CVE-2022-3038

CISA has added CVE-2022-3038 to their Known Exploited Vulnerabilities Catalog.

Remediation advice

Affected organisations are encouraged to review the Chrome Release relating to this vulnerability and the latest Chrome Release and apply any relevant updates.

Definitive source of threat updates

https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html

CVE Vulnerabilities

Status Published

CVE-2022-3038

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Last edited: 3 April 2023 2:24 pm