Published: 26/07/2022 Updated: 30/08/2022
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

Vulnerability Summary

Type confusion in V8 Turbofan in Google Chrome before 100.0.4896.127 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

Vendor Advisories

A security issue was discovered in Chromium, which could result in the execution of arbitrary code For the stable distribution (bullseye), this problem has been fixed in version 10004896127-1~deb11u1 We recommend that you upgrade your chromium packages For the detailed security status of chromium please refer to its security tracker page at: ...
 The Stable channel has been updated to 10004896127 for Windows, Mac and Linux which will roll out over the coming days/weeks A full list of changes in this build is available in the log Interested in switching release channels? Find out how here If you find a new issue, please let us know by filing a bug The community help forum is als ...
Hi, everyone! We've just released Chrome 100 (10004896127) for Android: it'll become available on Google Play over the next few daysThis release includes security, stability and performance improvements You can see a full list of the changes in the Git log If you find a new issue, please let us know by filing a bugSecurity Fix ...
LTS-96 has been updated in the LTS channel to 9604664207 (Platform Version: 14268820) for most ChromeOS devices Want to know more about Long-term Support? Click here This update contains multiple Security fixes, including:1311701  High  CVE-2022-1312 Security: UAF in DumpDatabaseHandler1283050 &nb ...

Github Repositories

yum-rpm dnf sudo dnf update wget atomio/download/rpm -O atomx86_64rpm sudo dnf localinstall atomx86_64rpm rpm ## Dependencies # rpm -qp atomrpm --requires (glib2 or kde-cli-tools or xdg-utils) (libcurlso3()(64bit) or libcurlso4()(64bit)) alsa-lib git-core gtk3 libX11-xcbso1()(64bit) libXssso1()(64bit) libgbmso1()(6

Recent Articles

Google Patches Chrome’s Fifth Zero-Day of the Year
Threatpost • Elizabeth Montalbano • 18 Aug 2022

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.
The bug, tracked as CVE-2022-2856 and rated as high on the Common Vulnerability Scoring System (CVSS), is associated with “insufficient validation of untrusted input in Intents,” according to the advisory posted by Google.
Google credits Ashley Shen and Christian Resell of its Google Threat Analys...

IT threat evolution in Q2 2022. Non-mobile statistics
Securelist • AMR • 15 Aug 2022

IT threat evolution in Q2 2022
IT threat evolution in Q2 2022. Non-mobile statistics
IT threat evolution in Q2 2022. Mobile statistics

These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
Quarterly figures
According to Kaspersky Security Network, in Q2 2022:

Kaspersky solutions blocked 1,164,544,060 attacks from online resources across the globe.

Google Patches Actively Exploited Chrome Bug
Threatpost • Elizabeth Montalbano • 05 Jul 2022

While people were celebrating the Fourth of July holiday in the United States, Google quietly rolled out a stable channel update for Chrome to patch an actively exploited zero-day vulnerability, the fourth such flaw the vendor has had to patch in its browser product so far this year.
Chrome 103 (103.0.5060.71) for Android and Version 103.0.5060.114 for Windows and Mac, outlined in separate blog posts published Monday, fix a heap buffer overflow flaw in WebRTC, the engine that gives the bro...

Google issues third emergency fix for Chrome this year
The Register • Jeff Burt • 01 Jan 1970

Get our weekly newsletter The latest patch is aimed at a type confusion vulnerability that is actively being exploited

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild.
The emergency updates the company issued this week impact the almost 3 billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi.
It is the third such emergency update Google has had to issue for Chrome this year.
One of the flaws is a type confusion vulnerability trac...

Google Chrome emergency update fixes zero-day used in attacks
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks.
"Google is aware that an exploit for CVE-2022-1364 exists in the wild," Google said in a 
 released today.
While Google states that this Chrome update will roll out in the next few weeks, users can receive it immediately by going into the 

The browser w...