CVE-2022-2856

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 9 articles

VulnLookup ↗ NVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-24

3.3%

probability

This CVE has a 3.3% probability of being exploited in the next 30 days.

0% Top 87.4th percentile of all CVEs 100%

CVSS score unavailable

Neither CIRCL nor NVD returned a CVSS score for this CVE. View on VulnerabilityLookup ↗

Description

Project Zero

Insufficient validation of untrusted input in Intents

Attack Intelligence

CWE-20 · Improper Input Validation CWE-707 · Improper Neutralization

Google Project Zero

Discovered

July 19, 2022

Patched

Aug. 16, 2022

Reported by

Ashley Shen and Christian Resell of Google Threat Analysis Group

Root Cause Analysis

???

Google Chrome emergency update fixes new zero-day used in attacks

BleepingComputer Sep 02, 2022

Google Rolls Out New Chrome Browser Update to Patch Yet Another Zero-Day Vulnerability

TheHackerNews

Google Releases Urgent Chrome Update to Patch New Zero-Day Vulnerability

TheHackerNews

Google Chrome emergency update fixes 9th zero-day of the year

BleepingComputer Dec 02, 2022

September 2022 Patch Tuesday | Microsoft Releases 63 Vulnerabilities With 5 Critical, Plus 16 Microsoft Edge (Chromium-Based); Adobe Releases 7 Advisories, 63 Vulnerabilities With 35 Critical.

Qualys Sep 13, 2022

Google fixes fifth Chrome zero-day bug exploited this year

BleepingComputer Aug 17, 2022

CISA Adds 7 New Actively Exploited Vulnerabilities to Catalog

TheHackerNews

Google pushes emergency Chrome update to fix 8th zero-day in 2022

BleepingComputer Nov 25, 2022

Google fixes seventh Chrome zero-day exploited in attacks this year

BleepingComputer Oct 28, 2022

Signal Intelligence

Confidenceⓘ

95%

EPSS 3.3%

Mentions 9

Last Seen Dec 02, 2022

CNA Information

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Triage Info

Decided atMar 05, 2026