CVE-2022-0609
Published 2022-04-05
CVE-2022-0609: Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Priority P189 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW · Ransomware
CISA Known Exploited Vulnerability, due 2022-03-01
Exploited in the wild
EPSS: 23.55% (97.5th percentile)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 98.0.4758.102-1~deb11u1 | 98.0.4758.102-1~deb11u1 |
| chromium | chromium | >= 0 < 98.0.4758.102-1 | 98.0.4758.102-1 |
| chromium | chromium | >= 0 < 98.0.4758.102-1 | 98.0.4758.102-1 |
| chromium | chromium | >= 0 < 98.0.4758.102-1 | 98.0.4758.102-1 |
| debian | chromium | < chromium 98.0.4758.102-1 (bookworm) | chromium 98.0.4758.102-1 (bookworm) |
| | chrome | < 98.0.4758.102 | 98.0.4758.102 |
| | chrome | >= unspecified < 98.0.4758.102 | 98.0.4758.102 |
| | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
Detection & IOCs (extracted from sources)
- Exploit delivered via hidden iframes embedded in both compromised legitimate websites and attacker-owned websites, serving a multi-stage exploit kit targeting Chrome users
- Initial stage of exploit kit serves heavily obfuscated JavaScript that fingerprints the target by collecting user-agent, resolution, and other client info before sending to exploitation server — detect anomalous JS fingerprinting beacons
- Attackers specifically checked visitor browser/OS combinations (Safari on macOS, Firefox on any OS) and redirected them to separate known exploitation servers — monitor for server-side browser/OS conditional redirects from suspicious pages
- CVE-2022-0609 is actively exploited in the wild; patch Chrome to version 98.0.4758.102 or later and Microsoft Edge to 98.0.1108.55 or later to remediate
- The specific requirements checked server-side before serving the RCE exploit are unknown, limiting the ability to fully replicate or simulate the attack chain
CVSS provenance
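| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| ghsa | | 8.8 | HIGH | |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_msrc | | 8.8 | HIGH | |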
CISA ICS
Rockwell Automation Connected Components Workbench
cisa_ics·2023-09-21·CVSS 9.6
[CRITICAL] Rockwell Automation Connected Components Workbench
ICS Advisory
Rockwell Automation Connected Components Workbench
Release Date: September 21, 2023
Alert Code: ICSA-23-264-05
## 1. EXECUTIVE SUMMARY
- CVSS v3 9.6
- ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation
- Vendor: Rockwell Automation
- Equipment: Connected Components Workbench
- Vulnerabilities: Use After Free, Out-of-bounds Write
## 2. RISK EVALUATION
Successful exploitation of these vulnerabilities could allow an attacker to exploit heap corruption via a crafted HTML.
## 3. TECHNICAL DETAILS
## 3.1 AFFECTED PRODUCTS
The following versions of Rockwell Automation Connected Components Workbench Smart Security Manager are affected:
- Connected Components Workbench: versions
CISA
Adobe Flash Player Unspecified Vulnerability
cisa·2022-06-08·CVSS 7.8
CVE-2011-0609 [HIGH] Adobe Flash Player Unspecified Vulnerability
Vulnerability: Adobe Flash Player Unspecified Vulnerability
Affected: Adobe Flash Player
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Required Action: The impacted product is end-of-life and should be disconnected if still in use.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2011-0609
Remediation Due Date: 2022-06-22
CISA
Google Chromium Animation Use-After-Free Vulnerability
cisa·2022-02-15·CVSS 8.8
CVE-2022-0609 [HIGH] CWE-416 Google Chromium Animation Use-After-Free Vulnerability
Vulnerability: Google Chromium Animation Use-After-Free Vulnerability
Affected: Google Chromium Animation
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2022-0609
Remediation Due Date: 2022-03-01
Chrome
Stable Channel Update for Desktop: CVE-2022-0607
vendor_chrome·2022-02-14·CVSS 8.8
CVE-2022-0607 [HIGH] Stable Channel Update for Desktop: CVE-2022-0607
Stable Channel Update for Desktop
- CVE-2022-0607: Use after free in GPU. Reported by 0x74960 on 2021-09-17
- [$NA][1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported by Sergei Glazunov of Google Project Zero on 2021-11-16
- [$NA][1296150] High CVE-2022-0609: Use after free in Animation
Severity: high
Microsoft
Chromium: CVE-2022-0609 Use after free in Animation
vendor_msrc·2022-02-08·CVSS 8.8
CVE-2022-0609 [HIGH] Chromium: CVE-2022-0609 Use after free in Animation
Chromium: CVE-2022-0609 Use after free in Animation
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. Google is aware of reports that an exploit for CVE-2022-0609 exists in the wild.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 98.0.1108.55 | 2/15/2022 | 98.0.4758.102 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromiu
Debian
CVE-2022-0609: chromium - Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a re...
vendor_debian·2022·CVSS 8.8
CVE-2022-0609 [HIGH] CVE-2022-0609: chromium - Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a re...
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 98.0.4758.102-1)
bullseye: resolved (fixed in 98.0.4758.102-1~deb11u1)
forky: resolved (fixed in 98.0.4758.102-1)
sid: resolved (fixed in 98.0.4758.102-1)
trixie: resolved (fixed in 98.0.4758.102-1)
OSV
CVE-2022-0609: Use after free in Animation in Google Chrome prior to 98
osv·2022-04-05·CVSS 8.8
CVE-2022-0609 [HIGH] CVE-2022-0609: Use after free in Animation in Google Chrome prior to 98
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
OSV
Use after free in Animation
osv·2022-02-22·CVSS 8.8
CVE-2022-0609 [HIGH] Use after free in Animation
Use after free in Animation
CVE-2022-0609: Use after free in Animation
- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609
Google is aware of reports that exploits for CVE-2022-0609 exist in the wild.
The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.
There is currently little other public information on the issue other than it has been flagged as `High` severity.
GHSA
Use after free in Animation
ghsa·2022-02-22·CVSS 8.8
CVE-2022-0609 [HIGH] CWE-416 Use after free in Animation
Use after free in Animation
CVE-2022-0609: Use after free in Animation
- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0609
Google is aware of reports that exploits for CVE-2022-0609 exist in the wild.
The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.
There is currently little other public information on the issue other than it has been flagged as `High` severity.
VulnCheck
Google Chromium Animation Use-After-Free Vulnerability
vulncheck·2022·CVSS 8.8
CVE-2022-0609 [HIGH] CWE-416 Google Chromium Animation Use-After-Free Vulnerability
Google Chromium Animation Use-After-Free Vulnerability
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Affected: Google Chromium Animation
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://blog.google/threat-analysis-group/countering-threats-north-korea/; https://securelist.com/it-
No detection rules found.
No public exploits indexed.
Greynoiseio
GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
blogs_greynoiseio·2025-02-26·CVSS 9.8
[CRITICAL] GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
Qualys
Defense Lessons From the Black Basta Ransomware Playbook
blogs_qualys·2025-02-25
Defense Lessons From the Black Basta Ransomware Playbook
## Table of Contents
Know Your Enemy's Playbook
Attackers Move Fast
How Qualys Can Help
The cybersecurity world was rocked last week by a massive leak of Black Basta’s internal communications that emerged from the group’s chat logs. Triggered by internal conflicts and a retaliatory data dump following attacks on Russian banks, the exposed records offer a rare glimpse into Black Basta’s tactics, operations, and leadership.
We’ve analyzed these newly unveiled tactics, and in this blog, we equip security teams with clear, actionable insights. We aim to highlight the key lessons learned—like immediate patching, tighter access controls, and rapid incident response—and provide an urgent call to action. This practical guide aims to help organizations strengthen their defenses against evolving
Tenable
Mind the Gap: A Closer Look at Eight Notable CVEs from 2022
blogs_tenable·2023-05-09
Mind the Gap: A Closer Look at Eight Notable CVEs from 2022
Qualys
The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend
blogs_qualys·2022-12-03·CVSS 8.8
CVE-2022-4262 [HIGH] The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend
## Table of Contents
Organizations respond, but slowly
Qualys Patch Management speeds remediation
Google has released yet another security update for the Chrome desktop web browser to address a high-severity vulnerability that is being exploited in the wild. This is the ninth Chrome zero-day fixed this year by Google. This security bug (CVE-2022-4262; QID 377804) is a Type Confusion vulnerability in Chrome’s V8 JavaScript Engine.
Google has withheld details about the vulnerability to prevent expanding its malicious exploitation and to allow users time to apply the security updates necessary on their Chrome installations.
Google’s previous zero-days were also released right before a weekend (see Don’t spend another weekend patching Chrome and Don’t Spend Your Holiday Season Patching
Securelist
Non-mobile malware statistics, Q2 2022
blogs_securelist·2022-08-15
Non-mobile malware statistics, Q2 2022
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- AMR
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2 2022:
- Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe.
- Web Anti-Virus recognized 273,033,368 unique URLs as malicious. Attempts to run malware fo
Securelist
IT threat evolution in Q1 2022. Non-mobile statistics
blogs_securelist·2022-05-27
IT threat evolution in Q1 2022. Non-mobile statistics
Table of Contents
Quarterly figures
Financial threats
Financial threat statistics
Geography of financial malware attacks
TOP 10 banking malware families
Ransomware programs
Quarterly trends and highlights
Law enforcement successes
HermeticWiper, HermeticRansom and RUransom, etc.
Conti source-code leak
Attacks on NAS devices
Maze Decryptor
Number of new modifications
Number of users attacked by ransomware Trojans
Geography of attacked users
TOP 10 most common families of ransomware Trojans
Miners
Number of new miner modifications
Number of users attacked by miners
Geography of miner attacks
Vulnerable applications used by criminals during cyberattacks
Quarter highlights
Vulnerability statistics
Attacks on macOS
Geography of threats for macOS
IoT attacks
IoT threat
Securelist
PC malware statistics, Q1 2022
blogs_securelist·2022-05-27
PC malware statistics, Q1 2022
Table of Contents
- Quarterly figures
- Financial threats
- Ransomware programs
- Miners
- Vulnerable applications used by criminals during cyberattacks
- Attacks on macOS
- IoT attacks
- Attacks via web resources
- Local threats
Authors
- AMR
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q1 2022:
- Kaspersky solutions blocked 1,216,350,437 attacks from online resources across the globe.
- Web Anti-Virus recognized 313,164,030 unique URLs as malicious.
- Attempts to run malware
Checkpoint
28th March – Threat Intelligence Report
blogs_checkpoint·2022-03-28
CVE-2022-24934 28th March – Threat Intelligence Report
## 28th March – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 28th March, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Large companies including Microsoft, Okta, NVIDIA, Samsung & Ubisoft have been breached by the Lapsus$ hacking group. This cyber gang is best known for publishing sensitive information stolen from major technology companies and governments. How the gang managed to breach these targets is not yet clear to the public. In recent
Schneier
Chrome Zero-Day from North Korea - Schneier on Security
blogs_schneier·2022-03-01·CVSS 8.8
CVE-2022-0609 [HIGH] Chrome Zero-Day from North Korea - Schneier on Security
## Chrome Zero-Day from North Korea
North Korean hackers have been exploiting a zero-day in Chrome.
The flaw, tracked as CVE-2022-0609, was exploited by two separate North Korean hacking groups. Both groups deployed the same exploit kit on websites that either belonged to legitimate organizations and were hacked or were set up for the express purpose of serving attack code on unsuspecting visitors. One group was dubbed Operation Dream Job, and it targeted more than 250 people working for 10 different companies. The other group, known as AppleJeus, targeted 85 users.
Details:
The attackers made use of an exploit kit that contained multiple stages and components in order to exploit targeted users. The attackers placed links to the exploit kit within hidden iframes, which they embedded o
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
Huntress
What are Zero Day Vulnerabilities? | Huntress
blogs_huntress
What are Zero Day Vulnerabilities? | Huntress
## How Zero Day Vulnerabilities Work
Zero day vulnerabilities typically lurk under the radar, unseen by both the vendor and the broader security community. Once these holes are discovered, it’s a race against the clock as attackers scramble to capitalize on the flaw while defenders rush to spot, patch, and remediate impacted systems. Unfortunately, hacking a system often takes far less time than pushing out a fully tested patch, which is why zero day vulnerabilities fetch a premium on the cybercriminal black market.
## The Lifecycle of a Zero Day Vulnerability
- Unknown and Undetected: A zero day vulnerability exists but is unknown to vendors or security teams.
- Discovery by Attackers or Researchers: Either security researchers or hackers discover the vulnerability, but its existence ma
- https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
- https://crbug.com/1296150
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-0609
Published: 2022-04-05
Added to CISA KEV: 2022-02-15
Exploited in the wild