Login Sign Up

CVE-2022-1364

8.8 HIGH

📋 TL;DR

This is a type confusion vulnerability in Chrome's V8 JavaScript engine that could allow an attacker to execute arbitrary code or cause heap corruption. It affects users running Chrome versions before 100.0.4896.127 who visit malicious websites.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: All versions prior to 100.0.4896.127
Operating Systems: Windows, macOS, Linux, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default Chrome configurations are vulnerable. Chromium-based browsers may also be affected.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to full system compromise, data theft, or ransomware deployment

🟠

Likely Case

Browser crash, memory corruption, or limited code execution within sandbox constraints

🟢

If Mitigated

No impact if Chrome is updated or if exploit attempts are blocked by security controls

🌐 Internet-Facing: HIGH - Exploitable via visiting malicious websites without authentication
🏢 Internal Only: MEDIUM - Requires user interaction but could be exploited via internal phishing

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user to visit malicious website. Type confusion vulnerabilities in V8 have historically been exploited in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 100.0.4896.127 and later

Vendor Advisory: https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html

Restart Required: Yes

Instructions:

1. Open Chrome 2. Click menu (three dots) → Help → About Google Chrome 3. Chrome will automatically check for and install updates 4. Click 'Relaunch' to restart Chrome

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents exploitation by disabling JavaScript execution

Use Chrome Enterprise policies

all

Restrict browser extensions and enforce security policies

🧯 If You Can't Patch

  • Use alternative browser temporarily
  • Implement web filtering to block known malicious sites

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in Settings → About Chrome. If version is below 100.0.4896.127, system is vulnerable.

Check Version:

chrome://version/ or 'google-chrome --version' on Linux

Verify Fix Applied:

Confirm Chrome version is 100.0.4896.127 or higher in Settings → About Chrome

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports
  • Unexpected process termination
  • Memory access violation logs

Network Indicators:

  • Requests to known exploit domains
  • Suspicious JavaScript execution patterns

SIEM Query:

source="chrome" AND (event="crash" OR event="memory_violation") AND version<"100.0.4896.127"

📊 Metadata

CVE ID: CVE-2022-1364
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-843
Published: July 26, 2022
Last Updated: October 24, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-1364, you might also want to check these:

CVE-2025-47151 9.8

A type confusion vulnerability in Entr'ouvert Lasso's SAML parsing allows remote code execution when...

Same vulnerability type (CWE-843)
CVE-2025-65570 9.8

A type confusion vulnerability in jsish 2.0 allows incorrect control flow during execution of the OP...

Same vulnerability type (CWE-843)
CVE-2020-25575 9.8

This vulnerability in the Rust failure crate (versions through 0.1.5) involves a type confusion flaw...

Same vulnerability type (CWE-843)