Vulnerability intelligence

CVE-2022-4135

Google Chromium GPU Heap Buffer Overflow Vulnerability

Google Chromium GPU

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

CVSS Score

9.6

Critical

EPSS — Exploit Probability

0.1%

Riskier than 23% of all CVEs

Exploitation

Confirmed in the wild

Used in ransomware campaigns

Remediation

Patch available

Federal deadline 2022-12-19

CISA required action

Apply updates per vendor instructions. Deadline for federal agencies: 2022-12-19.

NVD entry Vendor patch PoC / advisory CISA KEV

1 article across 1 outlet · first covered May 3, 2026 · latest May 3, 2026

Coverage timeline

Spyware vendors use 0-days and n-days against popular platforms
blog.google · May 3, 2026

Related CVEs — Google

CVE-2026-11645KEV CVE-2022-3723KEV CVE-2026-5281KEV