CVE-2022-1096

ENISA EUVD: EUVD-2022-24439 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 14 articles Published: 2022-07-22

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

37.66%

probability

This CVE has a 37.66% probability of being exploited in the next 30 days.

0% Top 97.3th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

VulnerabilityLookup (CNA)

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Affected Products

Google

Chrome

unspecified

google

chrome

Google

Chrome

unspecified <99.0.4844.84

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-704 · Incorrect Type Conversion CWE-843 · Type Confusion

Google Project Zero

Discovered

March 23, 2022

Patched

March 25, 2022

Reported by

???

Root Cause Analysis

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-1096.html

Exploits & PoC

Mav3r1ck0x1/Chrome-and-Edge-Version-Dumper

Powershell script that dumps Chrome and Edge version to a text file in order to determine if you need to update due to CVE-2022-1096

2 2022-03-30

1 repo — triés par ⭐ Rechercher sur GitHub ↗

https://crbug.com/1309225

x_refsource_MISC

https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

x_refsource_MISC

https://security.gentoo.org/glsa/202208-25

vendor-advisory x_refsource_GENTOO

Signal Intelligence

Confidenceⓘ

85%

EPSS 37.66%

CVSS v3.1 8.8

Mentions 14

Last Seen Apr 18, 2023

CNA Information

CNA Assigner

Chrome

Analyst Note

CVE-2022-1096 is a high-severity type confusion vulnerability in Chrome V8 with confirmed Google Project Zero involvement and official vendor patching in version 99.0.4844.84, providing strong evidence of legitimacy. The CVSS 8.8 rating reflects significant heap corruption exploitation potential. While limited public article coverage exists, the combination of Google's acknowledgment, Project Zero research, and official patching strongly validates the confirmed classification.

Threat Actors 3

Cobalt

apt_group Financial crime 🇷🇺 RU

Luna Moth

apt_group

Operation Cobalt Whisper

apt_group Financial crime 🇨🇳 CN

Triage Info

Decided atMar 03, 2026

Published DateJul 22, 2022