1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Google Chromium Network Service Use-After-Free Vulnerability

Known Exploited Vulnerabilities CVE-2022-3038 Mappings

Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2022-3038 Google Chromium Network Service Use-After-Free Vulnerability primary_impact T1574 Hijack Execution Flow
Comments
This vulnerability has been exploited by a remote attacker to perform a sandbox escape via a crafted HTML page that allowed the attacker to exploit a heap corruption. This vulnerability was chained together with other CVEs during a spyware campaign performed by a customer or partner of a Spanish spyware company known as Variston IT.
References
  1. https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
  2. https://thehackernews.com/2023/09/new-libwebp-vulnerability-under-active.html
CVE-2022-3038 Google Chromium Network Service Use-After-Free Vulnerability exploitation_technique T1204.001 Malicious Link
Comments
This vulnerability has been exploited by a remote attacker to perform a sandbox escape via a crafted HTML page that allowed the attacker to exploit a heap corruption. This vulnerability was chained together with other CVEs during a spyware campaign performed by a customer or partner of a Spanish spyware company known as Variston IT.
References
  1. https://blog.google/threat-analysis-group/spyware-vendors-use-0-days-and-n-days-against-popular-platforms/
  2. https://thehackernews.com/2023/09/new-libwebp-vulnerability-under-active.html