CVE-2022-4135
CRITICAL KEV
Google Chrome < 107.0.5304.121 - Heap Buffer Overflow in GPU
Title source: llm
Exploitation Summary
CVE-2022-4135 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 28, 2022.
Description
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
References (4)
Core References
Release Notes, Vendor Advisory
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Exploit, Issue Tracking
https://crbug.com/1392715
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-4135
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-10
Scores
CVSS v3
9.6
EPSS
0.0008
EPSS Percentile
23.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2022-11-28
VulnCheck KEV
2022-11-22
InTheWild.io
2022-11-22
ENISA EUVD
EUVD-2022-7297
CWE
CWE-787
Status
published
Products (4)
google/chrome
< 107.0.5304.121
microsoft/edge
< 107.0.1418.62
microsoft/edge_chromium
< 107.0.5304.150
npm/electron
19.0.0 - 19.1.8 (npm)
Published
Nov 25, 2022
KEV Added
Nov 28, 2022
Tracked Since
Feb 18, 2026