CVE-2022-0609

HIGH KEV RANSOMWARE

Google Chrome <98.0.4758.102 - Use After Free

Title source: llm

Description

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

References (3)

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html

[Issue Tracking, Vendor Advisory] https://crbug.com/1296150

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0609

Scores

CVSS v3 8.8

EPSS 0.3952

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitation Intel

CISA KEV 2022-02-15

VulnCheck KEV 2022-02-10

InTheWild.io 2022-02-10

ENISA EUVD EUVD-2022-1213

Ransomware Use Confirmed

Classification

CWE

CWE-416

Status published

Affected Products (10)

google/chrome < 98.0.4758.102

nuget/CefSharp.Common < 98.1.210NuGet

nuget/CefSharp.OffScreen < 98.1.210NuGet

nuget/CefSharp.WinForms < 98.1.210NuGet

nuget/CefSharp.Wpf < 98.1.210NuGet

nuget/CefSharp.Wpf.HwndHost < 98.1.210NuGet

nuget/CefSharp.Common.NETCore < 98.1.210NuGet

nuget/CefSharp.OffScreen.NETCore < 98.1.210NuGet

nuget/CefSharp.WinForms.NETCore < 98.1.210NuGet

nuget/CefSharp.Wpf.NETCore < 98.1.210NuGet

Timeline

Published Apr 05, 2022

KEV Added Feb 15, 2022

Tracked Since Feb 18, 2026