Exploitation Summary
CVE-2022-3038 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 30, 2023.
Description
Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
References (6)
Core References
Exploit, Vendor Advisory x_refsource_misc
https://crbug.com/1340253
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202209-23
Mailing List vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/168596/Google-Chrome-103.0.5060.53-network-URLLoader-NotifyCompleted-Heap-Use-After-Free.html
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3038
Scores
CVSS v3
8.8
EPSS
0.3599
EPSS Percentile
97.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2023-03-30
VulnCheck KEV
2023-03-29
InTheWild.io
2023-03-30
ENISA EUVD
EUVD-2022-42470
CWE
CWE-416
Status
published
Products (2)
fedoraproject/fedora
37
google/chrome
< 105.0.5195.52
Published
Sep 26, 2022
KEV Added
Mar 30, 2023
Tracked Since
Feb 18, 2026