← back
CVE-2022-0609

CVE-2022-0609

CVSS 8.8 HIGHEPSS 23.5%● KEVCWE-416
In short

Google Chrome's Animation feature had a memory bug where freed memory could be reused, allowing attackers to crash the browser or potentially execute code by visiting a malicious website.

Technical detail

Use-after-free vulnerability in Chrome's Animation component (CWE-416) enables remote code execution or heap corruption when processing crafted HTML. Attack vector is web-based (requires user to visit malicious page); no authentication needed. Pre-condition: victim must use Chrome < 98.0.4758.102.

Summary generated and translated by AI from the official description.
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.htmlhttps://crbug.com/1296150https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0609