CVE-2022-1364
ENISA EUVD: EUVD-2022-24685 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
13 articles
Published: 2022-07-26
EPSS Score
Source: FIRST.org · 2026-05-23
17.51%
probability
This CVE has a 17.51% probability
of being exploited in the next 30 days.
0%
Top 95.2th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Affected Products
Google
Chrome
unspecified
Attack Intelligence
Google Project Zero
Discovered
April 13, 2022
Patched
April 14, 2022
Reported by
Clément Lecigne of Google's Threat Analysis Group
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-1364.html
Exploits & PoC
interruptlabs/uc_browser_poc_CVE-2022-1364
Proof of concept for CVE-2022-1364 against Alibaba's UC Browser
13
2025-10-16
2
2023-11-22
2 repos — triés par ⭐
Rechercher sur GitHub ↗
https://crbug.com/1315901
x_refsource_MISC
https://security.gentoo.org/glsa/202208-25
vendor-advisory
x_refsource_GENTOO
Signal Intelligence
Confidence
82%
EPSS
17.51%
CVSS v3.1
8.8
Mentions
13
Last Seen
Apr 18, 2023
CNA Information
CNA Assigner
Chrome
Analyst Note
CVE-2022-1364 is a confirmed high-severity type confusion vulnerability in Chrome's V8 engine affecting versions prior to 100.0.4896.127, with validation from Google Project Zero researchers. The CVSS score of 8.8 and official vendor documentation provide strong evidence of legitimacy, though absence from CISA KEV and limited public articles suggest it may not have been actively exploited at scale.
Triage Info
Decided atMar 03, 2026
Published DateJul 26, 2022