CVE-2022-4920

CRITICAL

Google Chrome < 101.0.4951.41 - Heap Buffer Overflow in Blink via Crafted HTML Page

Title source: llm
STIX 2.1

Description

Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Scores

CVSS v3 9.6
EPSS 0.0062
EPSS Percentile 45.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-787
Status published
Products (1)
google/chrome < 101.0.4951.41
Published Jul 29, 2023
Tracked Since Feb 18, 2026