⚠ Actively exploited
Added to CISA KEV on 2022-02-15. Federal agencies required to patch by 2022-03-01. Required action: Apply updates per vendor instructions..

CVE-2022-0609Use After Free in Google Chrome

CWE-416Use After Free22 documents15 sources
Severity
8.8HIGHNVD
CISA7.8
EPSS
47.0%
top 2.31%
CISA KEV
KEV
Added 2022-02-15
Due 2022-03-01
Exploit
Exploited in wild
Active exploitation observed
Affected products
5
Google ChromeChromiumDebian Chromium+2 more
Timeline
KEV addedFeb 15
KEV dueMar 1
PublishedApr 5
Latest updateFeb 26
CISA Required Action: Apply updates per vendor instructions.

Description

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5google/chromeunspecified98.0.4758.102
NVDgoogle/chrome< 98.0.4758.102
debiandebian/chromium< chromium 98.0.4758.102-1 (bookworm)
Debianchromium/chromium< 98.0.4758.102-1~deb11u1+3

🔴Vulnerability Details

4
OSV
CVE-2022-0609: Use after free in Animation in Google Chrome prior to 982022-04-05
OSV
Use after free in Animation2022-02-22
GHSA
Use after free in Animation2022-02-22
VulnCheck
Google Chromium Animation Use-After-Free Vulnerability2022

📋Vendor Advisories

6
CISA ICS
Rockwell Automation Connected Components Workbench2023-09-21
CISA
Adobe Flash Player Unspecified Vulnerability2022-06-08
CISA
Google Chromium Animation Use-After-Free Vulnerability2022-02-15
Chrome
Stable Channel Update for Desktop: CVE-2022-06072022-02-14
Microsoft
Chromium: CVE-2022-0609 Use after free in Animation2022-02-08

🕵️Threat Intelligence

11
Greynoiseio
GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs2025-02-26
Qualys
Defense Lessons From the Black Basta Ransomware Playbook2025-02-25
Qualys
Defense Lessons From the Black Basta Ransomware Playbook | Qualys2025-02-25
Tenable
Mind the Gap: A Closer Look at Eight Notable CVEs from 20222023-05-09
Qualys
The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend2022-12-03