CVE-2022-4920

CRITICAL Year: 2022
CVSS v3 Score
9.6
Critical
Weakness Type
CWE-787
View all →

Vulnerability Description

Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Related Vulnerabilities

CVE-2019-8562

CRITICAL
CVSS:9.6(Critical)

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows. A sandboxed process may be able to circumvent sand...

CWE-7872019

CVE-2020-15999

CRITICAL
CVSS:9.6(Critical)

Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-7872020

CVE-2020-16011

CRITICAL
CVSS:9.6(Critical)

Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4240.183 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H...

CWE-7872020

CVE-2020-16013

CRITICAL
CVSS:9.6(Critical)

Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-7872020

CVE-2020-16024

CRITICAL
CVSS:9.6(Critical)

Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CWE-7872020

CVE-2020-16025

CRITICAL
CVSS:9.6(Critical)

Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p...

CWE-7872020