CVE-2022-4174

HIGH

Google Chrome < 108.0.5359.71 - Type Confusion in V8 via Crafted HTML Page

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-4174. PoCs published by moften.

AI-analyzed exploit summary This repository contains a Python script that scans for Nginx version 1.22.1 and checks for the presence of the ngx_http_mp4_module to determine potential vulnerabilities (CVE-2022-41741, CVE-2022-41742, and CVE-2023-44487). It does not exploit the vulnerabilities but provides detection and mitigation recommendations.

Description

Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (1)

nomisec SCANNER
by moften · poc
https://github.com/moften/CVE-2022-4174_CVE-2022-41742

This repository contains a Python script that scans for Nginx version 1.22.1 and checks for the presence of the ngx_http_mp4_module to determine potential vulnerabilities (CVE-2022-41741, CVE-2022-41742, and CVE-2023-44487). It does not exploit the vulnerabilities but provides detection and mitigation recommendations.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Nginx 1.22.1 with ngx_http_mp4_module
No auth needed
Prerequisites: Network access to the target Nginx server · Nginx server with exposed 'Server' header and accessible MP4 module
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Issue Tracking, Permissions Required
https://crbug.com/1379054
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202305-10
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202311-11

Scores

CVSS v3 8.8
EPSS 0.0088
EPSS Percentile 54.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-843
Status published
Products (1)
google/chrome < 108.0.5359.71
Published Nov 30, 2022
Tracked Since Feb 18, 2026