Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-1860

Summary
Assigner-Chrome
Assigner Org ID-ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At-27 Jul, 2022 | 21:17
Updated At-03 Aug, 2024 | 00:17
Rejected At-
Credits

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Chrome
Assigner Org ID:ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28
Published At:27 Jul, 2022 | 21:17
Updated At:03 Aug, 2024 | 00:17
Rejected At:
▼CVE Numbering Authority (CNA)

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.

Affected Products
Vendor
Google LLCGoogle
Product
Chrome
Versions
Affected
  • From unspecified before 102.0.5005.61 (custom)
Problem Types
TypeCWE IDDescription
textN/AUse after free
Type: text
CWE ID: N/A
Description: Use after free
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
x_refsource_MISC
https://crbug.com/1297209
x_refsource_MISC
https://security.gentoo.org/glsa/202208-25
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
Resource:
x_refsource_MISC
Hyperlink: https://crbug.com/1297209
Resource:
x_refsource_MISC
Hyperlink: https://security.gentoo.org/glsa/202208-25
Resource:
vendor-advisory
x_refsource_GENTOO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
x_refsource_MISC
x_transferred
https://crbug.com/1297209
x_refsource_MISC
x_transferred
https://security.gentoo.org/glsa/202208-25
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://crbug.com/1297209
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202208-25
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:chrome-cve-admin@google.com
Published At:27 Jul, 2022 | 22:15
Updated At:26 Oct, 2022 | 18:06

Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CPE Matches
Google LLC
google
>>chrome>>Versions before 102.0.5005.61(exclusive)
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-416Primarynvd@nist.gov
CWE ID: CWE-416
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.htmlchrome-cve-admin@google.com
Release Notes
Vendor Advisory
https://crbug.com/1297209chrome-cve-admin@google.com
Permissions Required
Vendor Advisory
https://security.gentoo.org/glsa/202208-25chrome-cve-admin@google.com
Third Party Advisory
Hyperlink: https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
Source: chrome-cve-admin@google.com
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://crbug.com/1297209
Source: chrome-cve-admin@google.com
Resource:
Permissions Required
Vendor Advisory
Hyperlink: https://security.gentoo.org/glsa/202208-25
Source: chrome-cve-admin@google.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2418Records found
CVE-2020-16023
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.58% / 67.84%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 17:52
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15972
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.50% / 87.12%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 00:00
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromefedoradebian_linuxbackports_sleChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15969
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-3.16% / 86.39%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEApple Inc.Fedora ProjectDebian GNU/Linux
Product-iphone_osdebian_linuxipadostvoschromewatchossafarifedoramacosbackports_sleChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-4918
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.71% / 71.34%
||
7 Day CHG~0.00%
Published-28 Jul, 2023 | 23:26
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-416
Use After Free
CVE-2020-16002
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.43% / 79.88%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromebackports_sledebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16026
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.58% / 67.84%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 17:52
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16001
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.91% / 82.53%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromedebian_linuxfedorabackports_sleChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15996
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.98% / 75.82%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in passwords in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4921
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.96% / 75.60%
||
7 Day CHG~0.00%
Published-28 Jul, 2023 | 23:26
Updated-13 Feb, 2025 | 16:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-416
Use After Free
CVE-2020-15990
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.43% / 79.84%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in autofill in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromefedoradebian_linuxbackports_sleChrome
CWE ID-CWE-416
Use After Free
CVE-2020-15967
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.43% / 79.84%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in payments in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromebackports_sledebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2020-15987
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.60% / 80.95%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC stream.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromebackports_sledebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2020-16004
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.24% / 78.43%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15991
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.43% / 79.84%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in password manager in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromebackports_sledebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2020-15971
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-1.43% / 79.84%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in printing in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-chromebackports_sledebian_linuxfedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2020-16044
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.62%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:55
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-16038
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.46% / 63.01%
||
7 Day CHG~0.00%
Published-08 Jan, 2021 | 17:54
Updated-04 Aug, 2024 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromechrome_osChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2020-15998
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.89%
||
7 Day CHG~0.00%
Published-03 Nov, 2020 | 02:21
Updated-04 Aug, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4438
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.63%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2024-2885
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.18% / 39.99%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 20:09
Updated-18 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechromefedora
CWE ID-CWE-416
Use After Free
CVE-2022-1639
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.57% / 67.73%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:56
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in ANGLE in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4436
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.21%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-2011
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.55% / 66.91%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 00:10
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2022-1308
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.37% / 57.84%
||
7 Day CHG~0.00%
Published-25 Jul, 2022 | 13:40
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2024-2883
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-7.5||HIGH
EPSS-0.20% / 41.83%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 20:09
Updated-14 Mar, 2025 | 02:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechromefedora
CWE ID-CWE-416
Use After Free
CVE-2020-6467
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-2.04% / 83.12%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 03:46
Updated-04 Aug, 2024 | 09:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLCopenSUSEFedora ProjectDebian GNU/Linux
Product-debian_linuxchromefedorabackports_sleleapChrome
CWE ID-CWE-416
Use After Free
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-4439
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.26% / 49.61%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromewindowsChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4440
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.18% / 40.21%
||
7 Day CHG~0.00%
Published-14 Dec, 2022 | 00:00
Updated-03 Aug, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-2007
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.34% / 55.84%
||
7 Day CHG~0.00%
Published-28 Jul, 2022 | 00:10
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChrome
CWE ID-CWE-416
Use After Free
CVE-2022-1859
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.54% / 66.70%
||
7 Day CHG~0.00%
Published-27 Jul, 2022 | 21:17
Updated-03 Aug, 2024 | 00:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4194
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.77%
||
7 Day CHG+0.02%
Published-29 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4181
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.29% / 52.20%
||
7 Day CHG+0.01%
Published-29 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4191
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.35% / 56.77%
||
7 Day CHG+0.02%
Published-29 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2024-2627
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.45% / 62.88%
||
7 Day CHG~0.00%
Published-20 Mar, 2024 | 17:06
Updated-13 Feb, 2025 | 17:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-chromefedoraChromechromefedora
CWE ID-CWE-416
Use After Free
CVE-2022-1636
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.32% / 54.51%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:56
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Performance APIs in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4180
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-29 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2023-0931
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.10% / 28.44%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 19:54
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-416
Use After Free
CVE-2025-8292
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.11% / 29.80%
||
7 Day CHG~0.00%
Published-30 Jul, 2025 | 01:18
Updated-01 Aug, 2025 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Linux Kernel Organization, IncApple Inc.Microsoft CorporationGoogle LLC
Product-chromemacoswindowslinux_kernelChrome
CWE ID-CWE-416
Use After Free
CVE-2022-1634
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.38% / 58.50%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:55
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Browser UI in Google Chrome prior to 101.0.4951.64 allowed a remote attacker who had convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific user interactions.

Action-Not Available
Vendor-Google LLC
Product-chromeandroidChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4192
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.22% / 44.87%
||
7 Day CHG+0.01%
Published-29 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2023-1213
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.11% / 30.01%
||
7 Day CHG~0.00%
Published-07 Mar, 2023 | 21:42
Updated-17 Oct, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-416
Use After Free
CVE-2022-4177
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.51%
||
7 Day CHG~0.00%
Published-29 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2022-4179
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.06% / 18.52%
||
7 Day CHG~0.00%
Published-29 Nov, 2022 | 00:00
Updated-03 Aug, 2024 | 01:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChrome
CWE ID-CWE-416
Use After Free
CVE-2016-7872
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.81% / 87.65%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-416
Use After Free
CVE-2022-1641
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.65% / 69.90%
||
7 Day CHG~0.00%
Published-26 Jul, 2022 | 21:57
Updated-03 Aug, 2024 | 00:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in Web UI Diagnostics in Google Chrome on Chrome OS prior to 101.0.4951.64 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via specific user interaction.

Action-Not Available
Vendor-Google LLC
Product-chromechrome_osChrome
CWE ID-CWE-416
Use After Free
CVE-2025-9478
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.07% / 21.15%
||
7 Day CHG~0.00%
Published-26 Aug, 2025 | 18:51
Updated-28 Aug, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Action-Not Available
Vendor-Google LLC
Product-Chrome
CWE ID-CWE-416
Use After Free
CVE-2023-0928
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.17% / 38.34%
||
7 Day CHG~0.00%
Published-22 Feb, 2023 | 19:53
Updated-13 Feb, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Action-Not Available
Vendor-Google LLC
Product-chromeChromechrome
CWE ID-CWE-416
Use After Free
CVE-2016-7892
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-23.36% / 95.74%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-30 Jul, 2025 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-15||The impacted product is end-of-life and should be disconnected if still in use.

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Microsoft CorporationApple Inc.Linux Kernel Organization, IncGoogle LLC
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlierFlash Player
CWE ID-CWE-416
Use After Free
CVE-2022-3198
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-8.8||HIGH
EPSS-0.73% / 71.87%
||
7 Day CHG~0.00%
Published-26 Sep, 2022 | 00:00
Updated-21 May, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Action-Not Available
Vendor-Fedora ProjectGoogle LLC
Product-fedorachromeChrome
CWE ID-CWE-416
Use After Free
CVE-2016-7879
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-3.81% / 87.65%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 06:31
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-n/aAdobe Inc.Linux Kernel Organization, IncGoogle LLCApple Inc.Microsoft Corporation
Product-flash_playerchrome_oslinux_kernelflash_player_desktop_runtimewindowswindows_8.1mac_os_xwindows_10Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 48
  • 49
  • Next
Details not found