CVE-2022-2294
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 5, 2026
12 articles
EPSS Score
Source: FIRST.org · 2026-05-24
1.03%
probability
This CVE has a 1.03% probability
of being exploited in the next 30 days.
0%
Top 77.6th percentile of all CVEs
100%
CVSS score unavailable
Neither CIRCL nor NVD returned a CVSS score for this CVE.
View on VulnerabilityLookup ↗
Description
Project ZeroBuffer overflow in WebRTC
Attack Intelligence
Google Project Zero
Discovered
July 1, 2022
Patched
July 4, 2022
Reported by
Jan Vojtesek from the Avast Threat Intelligence team
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-2294.html
Google Chrome emergency update fixes new zero-day used in attacks
BleepingComputer
Sep 02, 2022
Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability
TheHackerNews
Google Chrome emergency update fixes 9th zero-day of the year
BleepingComputer
Dec 02, 2022
Google fixes fifth Chrome zero-day bug exploited this year
BleepingComputer
Aug 17, 2022
Chrome zero-day used to infect journalists with Candiru spyware
BleepingComputer
Jul 21, 2022
Google pushes emergency Chrome update to fix 8th zero-day in 2022
BleepingComputer
Nov 25, 2022
Google patches new Chrome zero-day flaw exploited in attacks
BleepingComputer
Jul 04, 2022
Google fixes seventh Chrome zero-day exploited in attacks this year
BleepingComputer
Oct 28, 2022
Signal Intelligence
Confidence
95%
EPSS
1.03%
Mentions
12
Last Seen
Dec 02, 2022
CNA Information
Analyst Note
Auto-imported from Google Project Zero — confirmed zero-day by definition.
Threat Actors 1
Leviathan
apt_group
Information theft and espionage
🇨🇳 CN
Triage Info
Decided atMar 05, 2026