CVE-2022-0609

ENISA EUVD: EUVD-2022-1213 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 17 articles Published: 2022-04-04

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

49.0%

probability

This CVE has a 49.0% probability of being exploited in the next 30 days.

0% Top 97.8th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

6.8

MEDIUM

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)

Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected Products

Google

Chrome

unspecified

google

chrome

Google

Chrome

unspecified <98.0.4758.102

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Google Project Zero

Discovered

Feb. 10, 2022

Patched

Feb. 15, 2022

Reported by

Adam Weidemann and Clément Lecigne of Google's Threat Analysis Group

Root Cause Analysis

???

https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html

x_refsource_MISC

https://crbug.com/1296150

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

95%

EPSS 49.0%

CVSS v3.1 8.8

Mentions 17

Last Seen Feb 25, 2025

CNA Information

CNA Assigner

Chrome

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 11

Lazarus Group

apt_group Information theft and espionage 🇰🇵 KP

Cobalt

apt_group Financial crime 🇷🇺 RU

APT37

apt_group Information theft and espionage 🇰🇵 KP

Kimsuky

apt_group Information theft and espionage 🇰🇷 KR

Harvester

apt_group Information theft and espionage Unknown

Infy

apt_group Information theft and espionage 🇮🇷 IR

Rocke

apt_group 🇨🇳 CN

Shadow Network

apt_group Information theft and espionage 🇨🇳 CN

Mana Team

apt_group 🇨🇳 CN

Operation Shadow Force

apt_group 🇨🇳 CN

Operation Black Atlas

apt_group Financial crime

Triage Info

Decided atMar 05, 2026

Published DateApr 04, 2022