CVE-2022-3199 - Vulnerability Details - OpenCVE

Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Fedoraproject	Fedora
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html
https://crbug.com/1355237
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
https://security.gentoo.org/glsa/202209-23

History

Wed, 21 May 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2022-09-26T00:00:00.000Z

Updated: 2025-05-21T17:58:55.960Z

Reserved: 2022-09-13T00:00:00.000Z

Link: CVE-2022-3199

Vulnrichment

Updated: 2024-08-03T01:00:10.852Z

NVD

Status : Modified

Published: 2022-09-26T16:15:13.727

Modified: 2025-05-21T18:15:49.050

Link: CVE-2022-3199

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3199", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "dateUpdated": "2025-05-21T17:58:55.960Z", "dateReserved": "2022-09-13T00:00:00.000Z", "datePublished": "2022-09-26T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2022-11-25T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"version": "unspecified", "lessThan": "105.0.5195.125", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html"}, {"url": "https://crbug.com/1355237"}, {"url": "https://security.gentoo.org/glsa/202209-23"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"}, {"url": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Use after free"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.852Z"}, "title": "CVE Program Container", "references": [{"url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html", "tags": ["x_transferred"]}, {"url": "https://crbug.com/1355237", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202209-23", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html", "tags": ["x_transferred"]}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-21T17:58:21.412213Z", "id": "CVE-2022-3199", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T17:58:55.960Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html", "tags": ["x_transferred"]}, {"url": "https://crbug.com/1355237", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202209-23", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/", "tags": ["x_transferred"]}, {"url": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.852Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-3199", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-21T17:58:21.412213Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-21T17:58:52.357Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Chrome", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "105.0.5195.125", "versionType": "custom"}]}], "references": [{"url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html"}, {"url": "https://crbug.com/1355237"}, {"url": "https://security.gentoo.org/glsa/202209-23"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"}, {"url": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html"}], "descriptions": [{"lang": "en", "value": "Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Use after free"}]}], "providerMetadata": {"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome", "dateUpdated": "2022-11-25T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-3199", "state": "PUBLISHED", "dateUpdated": "2025-05-21T17:58:55.960Z", "dateReserved": "2022-09-13T00:00:00.000Z", "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "datePublished": "2022-09-26T00:00:00.000Z", "assignerShortName": "Chrome"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "F07DA0CA-C55B-4A5E-839A-AB2B19D0CB0A", "versionEndExcluding": "105.0.5195.125", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use after free in Frames in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"}, {"lang": "es", "value": "Un uso de memoria previamente liberada en Frames en Google Chrome antes de la versi\u00f3n 105.0.5195.125 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n de heap a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)"}], "id": "CVE-2022-3199", "lastModified": "2025-05-21T18:15:49.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-09-26T16:15:13.727", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html"}, {"source": "[email protected]", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://crbug.com/1355237"}, {"source": "[email protected]", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/170012/Chrome-blink-LocalFrameView-PerformLayout-Use-After-Free.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://crbug.com/1355237"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202209-23"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "[email protected]", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}