Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Loading...
Loading...
Score elevated to 9.6 because this CVE is listed on the CISA Known Exploited Vulnerabilities catalog (added 2022-09-08), indicating real-world exploitation has been confirmed by US federal agencies. NVD baseline CVSS 9.6 retained for reference. Confidence: HIGH.
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
September 26, 2022
October 24, 2025
Known Exploited Vulnerabilities Catalog | CISA. Listed in CISA Known Exploited Vulnerabilities catalog.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-3075MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 443 total refreshes for this CVE.
Explore the affected products and dependency analysis for CVE-2022-3075
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
msrc
CWE-20