Login Sign Up

CVE-2022-4912

8.8 HIGH

📋 TL;DR

This vulnerability is a type confusion flaw in Chrome's MathML implementation that allows a remote attacker to trigger heap corruption via a malicious HTML page. Successful exploitation could lead to arbitrary code execution. All users running vulnerable Chrome versions are affected.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: Versions prior to 105.0.5195.52
Operating Systems: Windows, macOS, Linux, Android, iOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default Chrome configurations are vulnerable. Other browsers using Chromium may also be affected.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...

Learn more about Chrome →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with the privileges of the Chrome process, potentially leading to full system compromise.

🟠

Likely Case

Browser crash (denial of service) or limited code execution within the sandboxed renderer process.

🟢

If Mitigated

No impact if Chrome is fully patched or if exploit attempts are blocked by security controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting a malicious page). No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 105.0.5195.52

Vendor Advisory: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html

Restart Required: Yes

Instructions:

1. Open Chrome. 2. Click the three-dot menu → Help → About Google Chrome. 3. Chrome will automatically check for and apply updates. 4. Restart Chrome when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents execution of malicious scripts that could trigger the vulnerability.

Use browser extensions to block malicious sites

all

Extensions like uBlock Origin or NoScript can block potentially malicious content.

🧯 If You Can't Patch

  • Restrict access to untrusted websites using network filtering or proxy rules.
  • Implement application allowlisting to prevent unauthorized browser execution.

🔍 How to Verify

Check if Vulnerable:

Check Chrome version: if below 105.0.5195.52, it is vulnerable.

Check Version:

chrome://version/

Verify Fix Applied:

Confirm Chrome version is 105.0.5195.52 or higher.

📡 Detection & Monitoring

Log Indicators:

  • Chrome crash reports
  • Unexpected process terminations in system logs

Network Indicators:

  • HTTP requests to known malicious domains hosting exploit code

SIEM Query:

source="chrome" AND (event="crash" OR event="process_termination")

📊 Metadata

CVE ID: CVE-2022-4912
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-843
Published: July 29, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-4912, you might also want to check these:

CVE-2025-47151 9.8

A type confusion vulnerability in Entr'ouvert Lasso's SAML parsing allows remote code execution when...

Same vulnerability type (CWE-843)
CVE-2025-65570 9.8

A type confusion vulnerability in jsish 2.0 allows incorrect control flow during execution of the OP...

Same vulnerability type (CWE-843)
CVE-2020-25575 9.8

This vulnerability in the Rust failure crate (versions through 0.1.5) involves a type confusion flaw...

Same vulnerability type (CWE-843)