vulnerability

Zoom Zoom: CVE-2022-22779: Retained exploded messages in Keybase clients for macOS and Windows

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:P/I:N/A:N)	Feb 8, 2022	Nov 14, 2023	Mar 25, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:P/I:N/A:N)

Published

Feb 8, 2022

Added

Nov 14, 2023

Modified

Mar 25, 2026

Description

The Keybase Clients for macOS and Windows before version 5.9.0 fails to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem.Users can help keep themselves secure by applying current updates or downloading the latest Keybase software with all current security updates fromhttps://keybase.io/download.

Solution

zoom-zoom-upgrade-latest

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report