CVE-2022-4262
ENISA EUVD: EUVD-2022-51618 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
7 articles
Published: 2022-12-02
EPSS Score
Source: FIRST.org · 2026-05-23
8.56%
probability
This CVE has a 8.56% probability
of being exploited in the next 30 days.
0%
Top 92.5th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Description
VulnerabilityLookup (CNA)Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Affected Products
Google
Chrome
unspecified
Attack Intelligence
Google Project Zero
Discovered
Nov. 29, 2022
Patched
Dec. 2, 2022
Reported by
Clement Lecigne of Google's Threat Analysis Group
Root Cause Analysis
https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-4262.html
Exploits & PoC
bjrjk/CVE-2022-4262
Full Chain Analysis of CVE-2022-4262, a non-trivial feedback slot type confusion in V8.
107
2025-02-12
58
2024-01-29
0
2024-02-11
3 repos — triés par ⭐
Rechercher sur GitHub ↗
Signal Intelligence
Confidence
92%
EPSS
8.56%
CVSS v3.1
8.8
Mentions
7
Last Seen
Apr 18, 2023
CNA Information
CNA Assigner
Chrome
Analyst Note
This CVE meets confirmed status due to its official Google/Chromium classification with high severity, inclusion in Project Zero research, and corroborating CERT-EU security advisories. The type confusion vulnerability enabling heap corruption has been formally documented and patched in Chrome version 108.0.5359.94.
Triage Info
Decided atMar 03, 2026
Published DateDec 02, 2022