CVE-2022-3075
Google Chromium Mojo Insufficient Data Validation Vulnerability
CVSS
—
Sin CVSS
EPSS
5.7%
p92
KEV
SÍ
8 sept 2022
Exploit Today
78
0-100
Publicado: — · Última mod.: —
Producto
Google / Chromium Mojo
Vulnerabilidad
Google Chromium Mojo Insufficient Data Validation Vulnerability
Añadido a KEV
8 sept 2022
Remediar antes de
29 sept 2022
Uso conocido en ransomware
No
Descripción resumida
Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Acción requerida
Apply updates per vendor instructions.
Notas
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075; https://nvd.nist.gov/vuln/detail/CVE-2022-3075