Exploitation Summary
CVE-2022-3075 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 8, 2022.
Description
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
References (5)
Core References
Permissions Required x_refsource_misc
https://crbug.com/1358134
Release Notes, Vendor Advisory x_refsource_misc
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202209-23
Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3075
Scores
CVSS v3: 9.6
EPSS: 0.0212
EPSS Percentile: 84.6%
Attack Vector: NETWORK (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CISA SSVC (Vulnrichment)
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2022-09-08
VulnCheck KEV: 2022-08-30
InTheWild.io: 2022-08-30
ENISA EUVD: EUVD-2022-42504
CWE: CWE-20
Status: published
Products (2)
fedoraproject/fedora: 37
google/chrome: < 105.0.5195.102
Published: Sep 26, 2022
KEV Added: Sep 08, 2022
Tracked Since: Feb 18, 2026