PT-2022-2240 · Google+7 · Google Chrome+8

Clément Lecigne

Published

2022-04-14

Updated

2026-02-07

CVE-2022-1364

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 100.0.4896.127

Description The issue is related to a type confusion in the V8 JavaScript engine, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability is being actively exploited by attackers. Google has released an emergency update to address this issue.

Recommendations For Google Chrome versions prior to 100.0.4896.127, update to version 100.0.4896.127 or later to resolve the issue. Users of Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, should also apply updates as they become available. As a temporary workaround, consider avoiding the use of potentially vulnerable V8 Turbofan functionality until a patch is applied.

Exploit

Fix

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALT-PU-2022-1701

ALT-PU-2022-1734

ALT-PU-2022-1828

ALT-PU-2022-2055

BDU:2022-02336

CVE-2022-1364

DSA-5121-1

MGASA-2022-0146

OPENSUSE-SU-2022:0114-1

OPENSUSE-SU-2022:0123-1

OPENSUSE-SU-2022:0156-1

OPENSUSE-SU-2022_0123-1

OPENSUSE-SU-2022_0156-1

OPENSUSE-SU-2024:12000-1

OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux

Astra Linux

Brave

Google Chrome

Edge

Opera

Suse

V8 Javascript Engine

Vivaldi

PT-2022-2240 · Google+7 · Google Chrome+8

CVE-2022-1364

Weakness Enumeration

Related Identifiers

Affected Products

References · 2358