Vulnerability DatabaseCVE-2022-3370

CVE-2022-3370:
vulnerability analysis and mitigation

Overview

A high-severity vulnerability identified as CVE-2022-3370 was discovered in Google Chrome's Custom Elements feature. The vulnerability affected versions prior to 106.0.5249.91 and was reported on September 22, 2022. This use-after-free vulnerability could allow remote attackers to exploit heap corruption through specially crafted HTML pages (Chrome Release, NVD).

Technical details

The vulnerability is classified as a use-after-free flaw specifically affecting the Custom Elements component in Google Chrome. This type of vulnerability occurs when the program continues to use a memory location after it has been freed, which can lead to heap corruption. The issue was assigned a High security severity rating by the Chromium team (Chrome Release).

Impact

If successfully exploited, this vulnerability could allow remote attackers to potentially corrupt heap memory through specially crafted HTML pages, which could lead to program crashes or potential code execution (NVD).

Mitigation and workarounds

Google addressed this vulnerability in Chrome version 106.0.5249.91 for Windows, Mac, and Linux platforms. Users are advised to update their Chrome browsers to this version or later to protect against potential exploitation (Chrome Release, Debian Security).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

8.8

Score

Published November 1, 2022

Severity HIGH

CNA Score N/A

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 65.3

Exploitation Probability (EPSS) 0.5

Affected packages and libraries

chromium-browser
chromedriver

Sources

Alpine Security Tracker
- Alpine 3.16 Severity HIGHHas FixAdded at: Nov 08, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 10 Severity HIGHNo FixAdded at: Oct 01, 2022
- Debian 11, 12 Severity HIGHHas FixAdded at: Oct 01, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Oct 31, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Oct 06, 2022
NVD
- Linux Severity HIGHHas FixAdded at: Nov 01, 2022
- Windows Severity HIGHHas FixAdded at: Oct 09, 2022