CVE-2022-4262

CVSS 8.8 HIGHEPSS 16.1%● KEVCWE-843

In short

Google Chrome's V8 JavaScript engine had a type confusion bug that could let attackers corrupt memory through a malicious webpage, potentially crashing the browser or running harmful code.

Technical detail

Type confusion vulnerability in V8's type system allows remote attackers to trigger heap corruption via crafted JavaScript in a web page. Exploitation requires user interaction (visiting malicious site) and affects Chrome versions before 108.0.5359.94, with potential for arbitrary code execution depending on heap layout.

Summary generated and translated by AI from the official description.

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Google · Chrome

public PoCs found — 3

githubgithub.com/bjrjk/CVE-2022-4262★ 106 githubgithub.com/mistymntncop/CVE-2022-4262★ 58 githubgithub.com/quangnh89/CVE-2022-4262★ 0

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html https://crbug.com/1394403 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-4262