CVE-2022-4907

HIGH

Google Chrome FFmpeg < 108.0.5359.71 - Sandbox Code Execution

Title source: manual
STIX 2.1

Description

Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

References (5)

Core 5

Scores

CVSS v3 8.8
EPSS 0.0205
EPSS Percentile 84.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (4)
debian/debian_linux 12.0
fedoraproject/fedora 37
fedoraproject/fedora 38
google/chrome < 108.0.5359.71
Published Jul 29, 2023
Tracked Since Feb 18, 2026