CVE-2022-2587 : Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prio

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.

Published 2022-08-12 20:15:09

Updated 2022-08-15 19:00:08

Source Chrome

View at NVD, CVE.org

Vulnerability category: Memory Corruption

Products affected by CVE-2022-2587

Google » Chrome
Versions before (<) 102.0.5005.125
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
When used together with: Google » Chrome Os » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2022-2587

EPSS FAQ

0.50%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 65 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-2587

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	3.9	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2022-2587

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-2587

https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-chromeos.html

Vendor Advisory
https://crbug.com/1320917

Issue Tracking;Permissions Required;Vendor Advisory

Jump to

Vulnerability Details : CVE-2022-2587

Products affected by CVE-2022-2587

Exploit prediction scoring system (EPSS) score for CVE-2022-2587

CVSS scores for CVE-2022-2587

CWE ids for CVE-2022-2587

References for CVE-2022-2587