CVE-2022-1364
In short
Google Chrome's JavaScript engine had a flaw where it could get confused about what type of data it was handling, allowing attackers to corrupt memory through a malicious webpage. This could lead to crashes or worse if an attacker finds the right way to exploit it.
Technical detail
Type confusion vulnerability in V8's Turbofan JIT compiler allows remote attackers to cause heap corruption via crafted HTML pages. The vulnerability results from improper type tracking during optimization, enabling potential arbitrary code execution when heap exploitation techniques are chained. Affects Chrome versions prior to 100.0.4896.127.
Summary generated and translated by AI from the official description.
Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome
Public PoCs found — 2
github.com/interruptlabs/uc_browser_poc_CVE-2022-1364 (★ 13)
github.com/A1Lin/cve-2022-1364 (★ 2)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.