CVE-2022-26486

CRITICAL Year: 2022
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-416
View all →

Vulnerability Description

An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw. This vulnerability affects Firefox < 97.0.2, Firefox ESR < 91.6.1, Firefox for Android < 97.3.0, Thunderbird < 91.6.2, and Focus < 97.3.0.

Related Vulnerabilities

CVE-2018-17462

CRITICAL
CVSS:9.6(Critical)

Incorrect refcounting in AppCache in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform a sandbox escape via a crafted HTML page.

CWE-4162018

CVE-2018-6127

CRITICAL
CVSS:9.6(Critical)

Early free of object in use in IndexDB in Google Chrome prior to 67.0.3396.62 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H...

CWE-4162018

CVE-2019-5759

CRITICAL
CVSS:9.6(Critical)

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162019

CVE-2019-5850

CRITICAL
CVSS:9.6(Critical)

Use after free in offline mode in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page...

CWE-4162019

CVE-2019-5870

CRITICAL
CVSS:9.6(Critical)

Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162019

CVE-2020-16014

CRITICAL
CVSS:9.6(Critical)

Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CWE-4162020