Vulnerability DatabaseCVE-2022-1493

CVE-2022-1493:
vulnerability analysis and mitigation

Overview

CVE-2022-1493 is a Use-after-free vulnerability discovered in the Dev Tools component of Google Chrome versions prior to 101.0.4951.41. The vulnerability was reported by Zhihua Yao of KunLun Lab on December 1, 2021, and was officially patched in April 2022 (Chrome Release).

Technical details

The vulnerability is classified as a Use-after-free (CWE-416) issue in the Dev Tools component of Google Chrome. It received a CVSS v3.1 Base Score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a high-severity vulnerability that requires user interaction (NVD).

Impact

The vulnerability allows a remote attacker to potentially exploit heap corruption through specific and direct user interaction. Given the high CVSS score and the complete compromise of confidentiality, integrity, and availability indicated by the vector string, successful exploitation could lead to significant security implications (NVD).

Mitigation and workarounds

The vulnerability was fixed in Google Chrome version 101.0.4951.41. Users and organizations should upgrade to this version or later to mitigate the risk. The fix was included in a security update that addressed multiple vulnerabilities (Chrome Release).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

8.8

Score

Published July 26, 2022

Severity HIGH

CNA Score N/A

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 74.3

Exploitation Probability (EPSS) 0.9

Affected packages and libraries

qt5-qtwebengine
www-client/google-chrome

Sources

Alpine Security Tracker
- Alpine 3.15 Severity HIGHHas FixAdded at: May 21, 2022
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity HIGHNo FixAdded at: Apr 27, 2022
- Debian 11, 12 Severity HIGHHas FixAdded at: Apr 27, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Aug 14, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: May 02, 2022
NVD
- Linux Severity HIGHHas FixAdded at: Jul 31, 2022
- Windows Severity HIGHHas FixAdded at: May 01, 2022