⚠ Actively exploited
Added to CISA KEV on 2022-03-28. Federal agencies required to patch by 2022-04-18. Required action: Apply updates per vendor instructions..

CVE-2022-1096Type Confusion in Google Chrome

CWE-843Type Confusion18 documents13 sources
Severity
8.8HIGHNVD
EPSS
37.7%
top 2.79%
CISA KEV
KEV
Added 2022-03-28
Due 2022-04-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
7
Google ChromeChromiumDebian Chromium+4 more
Timeline
KEV addedMar 28
KEV dueApr 18
PublishedJul 23
Latest updateMay 9
CISA Required Action: Apply updates per vendor instructions.

Description

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages8 packages

CVEListV5google/chromeunspecified99.0.4844.84
NVDgoogle/chrome< 99.0.4844.84
debiandebian/chromium< chromium 99.0.4844.84-1 (bookworm)
Debianchromium/chromium< 99.0.4844.84-1~deb11u1+3

🔴Vulnerability Details

4
OSV
CVE-2022-1096: Type confusion in V8 in Google Chrome prior to 992022-07-23
Project0
2022 0-day In-the-Wild Exploitation…so far - Project Zero2022-06-01
VulnCheck
Google Chromium V8 Type Confusion Vulnerability2022
Project0
Project Zero RCA: CVE-2022-1096: Chrome Type Confusion in Property Access Interceptor

📋Vendor Advisories

6
CISA ICS
Rockwell Products Impacted by Chromium Type Confusion2022-07-28
Chrome
Long Term Support Channel Update: CVE-2022-10962022-04-15
Ubuntu
Chromium vulnerability2022-03-28
CISA
Google Chromium V8 Type Confusion Vulnerability2022-03-28
Microsoft
Chromium: CVE-2022-1096 Type Confusion in V82022-03-08

🕵️Threat Intelligence

7
Tenable
Mind the Gap: A Closer Look at Eight Notable CVEs from 20222023-05-09
Qualys
The 9th Google Chrome Zero-Day Threat this Year – Again Just Before the Weekend2022-12-03
Securelist
Non-mobile malware statistics, Q2 20222022-08-15
Tenable
Cybersecurity Snapshot: 6 Things That Matter Right Now2022-06-17
Tenable
So Many CVEs, So Little Time: Zero In and ‘Zero Click’ into the Current Vulnerability Landscape2022-06-08