Vulnerability detail

Enriched intelligence for a single CVE

9.6

CVSS
Critical

CVE-2022-4135

PUBLISHED

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to...

Exploited in the wild Remote Low complexity

Vendor: Google
Product: Chrome
Published: Nov 25, 2022
EPSS: —

Description

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

cisa nessus_scanner

CVSS scores

CVSS v3.1 9.6 Critical

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2022-11-28 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Nov 28, 2022

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/175034	Jun 02, 2025

Timeline

CVE ID Reserved

November 24, 2022
CVE Published to Public

November 25, 2022
Added to KEVIntel

November 28, 2022
Detected by Nessus

June 02, 2025