CVE-2022-1364

HIGH KEV

Google Chrome < 100.0.4896.127 - Type Confusion

Title source: rule

Description

Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Exploits (2)

nomisec WORKING POC 10 stars

by interruptlabs · client-side

https://github.com/interruptlabs/uc_browser_poc_CVE-2022-1364

View Code ZIP pw:eip

nomisec WRITEUP 2 stars

by A1Lin · client-side

https://github.com/A1Lin/cve-2022-1364

View Code ZIP pw:eip

References (4)

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html

[Exploit, Issue Tracking, Patch, Vendor Advisory] https://crbug.com/1315901

[Third Party Advisory] https://security.gentoo.org/glsa/202208-25

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-1364

Scores

CVSS v3 8.8

EPSS 0.1751

EPSS Percentile 95.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-04-15

VulnCheck KEV 2022-04-13

InTheWild.io 2022-04-13

ENISA EUVD EUVD-2022-24685

CWE

CWE-843

Status published

Products (1)

google/chrome < 100.0.4896.127

Published Jul 26, 2022

KEV Added Apr 15, 2022

Tracked Since Feb 18, 2026