CVE-2022-1487

7.5 HIGH

📋 TL;DR

This is a use-after-free vulnerability in Google Chrome's Ozone display system that could allow remote attackers to exploit heap corruption. Attackers could potentially execute arbitrary code or cause browser crashes by tricking users into visiting malicious websites. All Chrome users on affected versions are vulnerable.

💻 Affected Systems

Products:
  • Google Chrome
Versions: Prior to 101.0.4951.41
Operating Systems: Linux (Wayland systems), Potentially other platforms using Ozone
Default Config Vulnerable: ⚠️ Yes
Notes: Primarily affects Linux systems using Wayland display server protocol, but Chrome's Ozone layer may have broader implications.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, or malware installation.

🟠 Likely Case: Browser crash (denial of service) or limited memory corruption leading to information disclosure.

🟢 If Mitigated: No impact if Chrome is updated to patched version or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) and specific Wayland environment conditions.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 101.0.4951.41

Vendor Advisory: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html

Restart Required: Yes

Instructions:

1. Open Chrome.
2. Click menu (three dots) → Help → About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' to restart Chrome with the update.

🔧 Temporary Workarounds

Disable Wayland (Linux only)

Switch from Wayland to X11 display server to remove the vulnerable component

Edit /etc/gdm3/custom.conf or equivalent and set WaylandEnable=false
Restart display manager

🧯 If You Can't Patch

  • Restrict Chrome to internal network use only
  • Implement web filtering to block malicious sites and untrusted content

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: If version is less than 101.0.4951.41, system is vulnerable.

Check Version:

google-chrome --version

Verify Fix Applied:

Confirm Chrome version is 101.0.4951.41 or higher.
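
The version check above can be scripted for fleet use. The following is an added example, not code from the vendor advisory: it parses the output of `google-chrome --version` and compares it field by field against the patch version. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): classify `google-chrome --version` output
# against the fixed build listed above for CVE-2022-1487.
FIXED_VERSION="101.0.4951.41"

# Print the first dotted four-part version found in a line such as
# "Google Chrome 100.0.4896.127"; print nothing if there is none.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Return 0 if version $1 is strictly lower than version $2.
# Fields are compared as integers, left to right; a string comparison
# would wrongly rank 99.x above 101.x and .9 above .41.
version_lt() {
    old_ifs=$IFS; IFS=.
    set -- $1 $2            # eight fields: a1 a2 a3 a4 b1 b2 b3 b4
    IFS=$old_ifs
    n=0
    while [ "$n" -lt 4 ]; do
        if [ "$1" -lt "$5" ]; then return 0; fi
        if [ "$1" -gt "$5" ]; then return 1; fi
        shift               # next pair is again in $1 and $5
        n=$((n + 1))
    done
    return 1                # equal versions are not "lower"
}

# Print "vulnerable <v>", "patched <v>" or "unknown" for one output line.
chrome_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED_VERSION"; then
        echo "vulnerable $v"
    else
        echo "patched $v"
    fi
}

# Constructed sample lines, so the script runs without Chrome installed.
for line in "Google Chrome 100.0.4896.127" "Google Chrome 101.0.4951.9" \
            "Google Chrome 101.0.4951.41" "Google Chrome 99.0.4844.84"; do
    printf '%-32s -> %s\n' "$line" "$(chrome_status "$line")"
done
```

On a real host, pass the live output instead of the samples: `chrome_status "$(google-chrome --version)"`.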

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports with memory corruption errors
  • Wayland protocol errors in system logs

Network Indicators:

  • Unusual outbound connections from Chrome process
  • Traffic to known exploit hosting domains

SIEM Query:

process_name:"chrome" AND (event_id:1000 OR event_id:1001) AND memory_corruption
