Vulnerability detail

Enriched intelligence for a single CVE

9.6

CVSS
Critical

CVE-2022-3075

PUBLISHED

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to...

Exploited in the wild Remote Low complexity

Vendor: Google
Product: Chrome
Published: Sep 26, 2022
EPSS: —

Description

Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

cisa nessus_scanner

CVSS scores

CVSS v3.1 9.6 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2022-09-08 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Sep 08, 2022

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/211177	Jun 02, 2025

Timeline

CVE ID Reserved

September 01, 2022
Added to KEVIntel

September 08, 2022
CVE Published to Public

September 26, 2022
Detected by Nessus

June 02, 2025