CVE-2022-4174

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 108.0.5359.71

Description The issue is related to a type confusion in the V8 JavaScript engine, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. This could lead to arbitrary code execution. The severity of this issue is considered high. Google has released Chrome 108 with fixes for 28 vulnerabilities, including this one. The researcher who discovered this issue, Zhenghan Xiao, received a reward of $15,000. Google has paid out over $70,000 in rewards to researchers who reported these vulnerabilities. There is no mention of this vulnerability being used in real-world attacks.

Recommendations For Google Chrome versions prior to 108.0.5359.71, update to version 108.0.5359.71 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable components until the update is applied.