google chrome CVE-2022-0609 is a vulnerability in Google Chrome
Published on April 5, 2022

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Github Repository Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Google Chrome Use-After-Free Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.

The following remediation steps are recommended / required by March 1, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2022-0609 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2022-0609 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2022-0609

You can be notified by stack.watch whenever vulnerabilities like CVE-2022-0609 are published in these products:

Google Chrome
 

What versions of Chrome are vulnerable to CVE-2022-0609?

Vulnerable Packages

The following package name and versions may be associated with CVE-2022-0609

Package Manager Vulnerable Package Versions Fixed In
nuget CefSharp.Common <= 98.1.190 98.1.210
nuget CefSharp.OffScreen <= 98.1.190 98.1.210
nuget CefSharp.WinForms <= 98.1.190 98.1.210
nuget CefSharp.Wpf <= 98.1.190 98.1.210
nuget CefSharp.Wpf.HwndHost <= 98.1.190 98.1.210
nuget CefSharp.Common.NETCore <= 98.1.190 98.1.210
nuget CefSharp.OffScreen.NETCore <= 98.1.190 98.1.210
nuget CefSharp.WinForms.NETCore <= 98.1.190 98.1.210
nuget CefSharp.Wpf.NETCore <= 98.1.190 98.1.210