CVE-2022-1638 — Out-of-bounds Write in Google Chrome

CWE-787 — Out-of-bounds Write10 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 34.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Linux Kernel +3 more

Timeline

PublishedJul 26

Latest updateDec 8

Description

Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶CVEListV5google/chromeunspecified — 101.0.4951.64

▶NVDgoogle/chrome< 101.0.4951.64

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 101.0.4951.64-1 (bookworm)

▶Linuxlinux/linux_kernel5.15.0 — 5.15.86+2

🔴Vulnerability Details

OSV

f2fs: fix to invalidate dcc->f2fs_issue_discard in error path↗2025-12-08

▶

GHSA

GHSA-v898-xxg8-qvgf: Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101↗2022-07-27

▶

OSV

CVE-2022-1638: Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101↗2022-07-26

▶

📋Vendor Advisories

Red Hat

kernel: f2fs: fix to invalidate dcc->f2fs_issue_discard in error path↗2025-12-08

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2022-1638↗2022-05-31

▶

Chrome

Stable Channel Update for Desktop: CVE-2022-1636↗2022-05-10

▶

Microsoft

Chromium: CVE-2022-1638 Heap buffer overflow in V8 Internationalization↗2022-05-10

▶

Debian

CVE-2022-1638: chromium - Heap buffer overflow in V8 Internationalization in Google Chrome prior to 101.0....↗2022

▶

🕵️Threat Intelligence

Talos

Vulnerability Spotlight: OS command injection, directory traversal and other vulnerabilities found in Siretta Quartz-Gold and FreshTomato↗2023-01-26

▶