CVE-2022-0609 is a vulnerability in Google Chrome
Published on April 5, 2022
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Known Exploited Vulnerability
This Google Chrome Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.
The following remediation steps are recommended / required by March 1, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2022-0609 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2022-0609 has been classified to as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2022-0609
You can be notified by stack.watch whenever vulnerabilities like CVE-2022-0609 are published in these products:
What versions of Chrome are vulnerable to CVE-2022-0609?
- Google Chrome Fixed in Version 98.0.4758.102
Vulnerable Packages
The following package name and versions may be associated with CVE-2022-0609
Package Manager | Vulnerable Package | Versions | Fixed In |
---|---|---|---|
nuget | CefSharp.Common | <= 98.1.190 | 98.1.210 |
nuget | CefSharp.OffScreen | <= 98.1.190 | 98.1.210 |
nuget | CefSharp.WinForms | <= 98.1.190 | 98.1.210 |
nuget | CefSharp.Wpf | <= 98.1.190 | 98.1.210 |
nuget | CefSharp.Wpf.HwndHost | <= 98.1.190 | 98.1.210 |
nuget | CefSharp.Common.NETCore | <= 98.1.190 | 98.1.210 |
nuget | CefSharp.OffScreen.NETCore | <= 98.1.190 | 98.1.210 |
nuget | CefSharp.WinForms.NETCore | <= 98.1.190 | 98.1.210 |
nuget | CefSharp.Wpf.NETCore | <= 98.1.190 | 98.1.210 |