CVE-2022-4262

HIGH KEV

Google Chrome < 108.0.5359.94 - Type Confusion

Title source: rule

Description

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (4)

nomisec WRITEUP 106 stars

by bjrjk · client-side

https://github.com/bjrjk/CVE-2022-4262

View Code ZIP pw:eip

nomisec WORKING POC 58 stars

by mistymntncop · client-side

https://github.com/mistymntncop/CVE-2022-4262

View Code ZIP pw:eip

nomisec WRITEUP

by quangnh89 · client-side

https://github.com/quangnh89/CVE-2022-4262

View Code ZIP pw:eip

inthewild

poc

https://github.com/xem6/cve-2022-4262

View on inthewild

References (3)

[Patch, Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html

[Permissions Required, Vendor Advisory] https://crbug.com/1394403

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-4262

Scores

CVSS v3 8.8

EPSS 0.0635

EPSS Percentile 91.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-12-05

VulnCheck KEV 2022-11-29

InTheWild.io 2022-11-29

ENISA EUVD EUVD-2022-51618

CWE

CWE-843

Status published

Products (1)

google/chrome < 108.0.5359.94

Published Dec 02, 2022

KEV Added Dec 05, 2022

Tracked Since Feb 18, 2026