← back
CVE-2022-1096

CVE-2022-1096

CVSS 8.8 HIGHEPSS 24.2%● KEVCWE-843
In short

Google Chrome's V8 engine confused different data types in memory, allowing attackers to corrupt the heap through a malicious webpage. This could lead to crashes or potentially execute arbitrary code.

Technical detail

Type confusion vulnerability in V8's type system allows remote attackers to corrupt heap memory via specially crafted HTML. Exploitation requires user interaction (visiting a malicious page) and results in heap corruption with potential code execution impact.

Summary generated and translated by AI from the official description.
Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
public PoCs found1
githubgithub.com/Mav3r1ck0x1/Chrome-and-Edge-Version-Dumper2
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.htmlhttps://crbug.com/1309225https://security.gentoo.org/glsa/202208-25https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1096