CVE-2022-4262

HIGH KEV

Google Chrome < 108.0.5359.94 - Type Confusion in V8 via Crafted HTML Page

Title source: llm

Exploitation Summary

CVE-2022-4262 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added December 5, 2022. EIP tracks 3 public exploits from researchers including bjrjk, mistymntncop, quangnh89.

AI-analyzed exploit summary This repository contains a writeup and analysis of CVE-2022-4262, including root cause, PoC, exploit details, and slides. No actual exploit code is present in the provided files.

Description

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Exploits (3)

nomisec WRITEUP 106 stars

by bjrjk · client-side

https://github.com/bjrjk/CVE-2022-4262

View Code ZIP pw:eip

This repository contains a writeup and analysis of CVE-2022-4262, including root cause, PoC, exploit details, and slides. No actual exploit code is present in the provided files.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 58 stars

by mistymntncop · client-side

https://github.com/mistymntncop/CVE-2022-4262

View Code ZIP pw:eip

This is a working proof-of-concept exploit for CVE-2022-4262, a type confusion vulnerability in Chromium's V8 JavaScript engine. The exploit leverages memory corruption via the SetNamedProperty instruction to achieve arbitrary read/write primitives.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Chromium V8 JavaScript engine (version up to 10.9.194.4)

No auth needed

Prerequisites: Vulnerable version of Chromium/V8 · Ability to execute JavaScript in the target environment

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by quangnh89 · client-side

https://github.com/quangnh89/CVE-2022-4262

View Code ZIP pw:eip

This repository contains a README file describing a full analysis of CVE-2022-4262, including root cause, PoC, and exploit details. However, no actual exploit code or technical details are provided in the snippet.

Classification

Writeup 90%

Attack Type

Other

Complexity

Unknown

Reliability

Theoretical

Target: unknown

No auth needed

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Patch, Release Notes, Vendor Advisory

https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html

Permissions Required, Vendor Advisory

https://crbug.com/1394403

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-4262

Scores

CVSS v3 8.8

EPSS 0.0856

EPSS Percentile 92.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2022-12-05

VulnCheck KEV 2022-11-29

InTheWild.io 2022-11-29

ENISA EUVD EUVD-2022-51618

CWE

CWE-843

Status published

Products (1)

google/chrome < 108.0.5359.94

Published Dec 02, 2022

KEV Added Dec 05, 2022

Tracked Since Feb 18, 2026