CVE-2022-0609

Severity: HIGH (CVSS 3.1 score: 8.8)
2022-04-05 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Patch Released (Mar 31, 2026 - 21:13, nvd): Patch available
Analysis Generated (Mar 26, 2026 - 11:19, vuln.today)
Added to CISA KEV (Oct 24, 2025 - 14:09, cisa): CISA KEV
CVE Published (Apr 05, 2022 - 00:15, nvd): HIGH 8.8

Description

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Analysis

Google Chrome contains a use-after-free vulnerability in the Animation component that allows remote attackers to exploit heap corruption via crafted HTML pages. It was exploited in February 2022 by North Korean APT groups.

Technical Context

The CWE-416 use-after-free in Chrome's Animation implementation allows remote attackers to corrupt heap memory when the browser processes crafted HTML/CSS animation sequences. Successful exploitation achieves renderer process compromise.

Affected Products

Google Chrome prior to 98.0.4758.102

Remediation

Update Chrome immediately. Enable Chrome's enhanced protection mode. Organizations should enforce Chrome auto-updates via enterprise policy.

Priority Score

54
KEV: +50
EPSS: +40.1
CVSS: +44
POC: 0
