CVE-2022-1096

HIGH KEV

Google Chrome < 99.0.4844.84 - Type Confusion in V8 via Crafted HTML Page

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2022-1096 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added March 28, 2022. EIP tracks 1 public exploit from researchers including Mav3r1ck0x1.

AI-analyzed exploit summary This PowerShell script dumps Chrome and Edge version information to text files to check for CVE-2022-1096 vulnerability. It retrieves version details from executable paths and logs them for analysis.

Description

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (1)

nomisec SCANNER 3 stars
by Mav3r1ck0x1 · poc
https://github.com/Mav3r1ck0x1/Chrome-and-Edge-Version-Dumper

This PowerShell script dumps Chrome and Edge version information to text files to check for CVE-2022-1096 vulnerability. It retrieves version details from executable paths and logs them for analysis.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Google Chrome, Microsoft Edge
No auth needed
Prerequisites: Access to the target system · Chrome/Edge installed in default paths
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://crbug.com/1309225
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202208-25

Scores

CVSS v3 8.8
EPSS 0.2424
EPSS Percentile 97.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-03-28
VulnCheck KEV 2022-03-23
InTheWild.io 2022-03-23
ENISA EUVD EUVD-2022-24439
CWE
CWE-843
Status published
Products (1)
google/chrome < 99.0.4844.84
Published Jul 23, 2022
KEV Added Mar 28, 2022
Tracked Since Feb 18, 2026