GSD-2022-0609
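Vulnerability from gsd - Updated: 2023-12-13 01:19
Details
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Note: the gsd metadata in the record below lists exploitCode as "unknown", but the same record's cisa.gov namespace carries a dateAdded of 2022-02-15 and a dueDate of 2022-03-01, the nvd.nist.gov entry carries cisaExploitAdd 2022-02-15, and the gitlab.com advisories state that an exploit is available; prioritise patching on those fields rather than on the "unknown" value.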
Aliases
{
"GSD": {
"alias": "CVE-2022-0609",
"description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GSD-2022-0609",
"references": [
"https://www.suse.com/security/cve/CVE-2022-0609.html",
"https://www.debian.org/security/2022/dsa-5079"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-0609"
],
"details": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
"id": "GSD-2022-0609",
"modified": "2023-12-13T01:19:11.544197Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cisa.gov": {
"cveID": "CVE-2022-0609",
"dateAdded": "2022-02-15",
"dueDate": "2022-03-01",
"product": "Chrome",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.",
"vendorProject": "Google",
"vulnerabilityName": "Google Chrome Use-After-Free Vulnerability"
},
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "chrome-cve-admin@google.com",
"ID": "CVE-2022-0609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "98.0.4758.102"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use after free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html"
},
{
"name": "https://crbug.com/1296150",
"refsource": "MISC",
"url": "https://crbug.com/1296150"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-141",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-141",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.Common.NETCore",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "f21ce696-a582-4662-a74f-1c3da50cb010"
},
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-140",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-140",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.Common",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "dc998236-b567-4d05-ae9e-dc2deb156f62"
},
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-143",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-143",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.OffScreen.NETCore",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "d15e5ee8-049c-4c21-9aea-558fa66dfdef"
},
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-142",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-142",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.OffScreen",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "8993ad12-aa3b-4f89-866b-2397ee3f9620"
},
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-145",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-145",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.WinForms.NETCore",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "b1bee84c-b276-4cd5-b34a-df5c51b449f9"
},
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-144",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-144",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.WinForms",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "2108fe65-c95f-4828-b62f-334c37f9f080"
},
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-147",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-147",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.Wpf.HwndHost",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "7c495f00-397a-4899-8120-5234fbceb112"
},
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "Use after free in Animation. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-148",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-148",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.Wpf.NETCore",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "9986d0e6-fd94-459d-882a-0b8ebd15ffc7"
},
{
"affected_range": "(,98.1.190]",
"affected_versions": "All versions up to 98.1.190",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-02-26",
"description": "Use after free in Animation. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
"fixed_versions": [
"98.1.210"
],
"identifier": "GMS-2022-146",
"identifiers": [
"GHSA-vv6j-ww6x-54gx",
"GMS-2022-146",
"CVE-2022-0609"
],
"not_impacted": "All versions after 98.1.190",
"package_slug": "nuget/CefSharp.Wpf",
"pubdate": "2022-02-22",
"solution": "Upgrade to version 98.1.210 or above.",
"title": "Use after free in Animation",
"urls": [
"https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
"https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
],
"uuid": "32777be2-f4dd-4db7-894b-12501d675367"
}
]
},
"nvd.nist.gov": {
"cve": {
"cisaActionDue": "2022-03-01",
"cisaExploitAdd": "2022-02-15",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Google Chromium Animation Use-After-Free Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6456EA3-0801-4B8A-82A4-25EE298A18C2",
"versionEndExcluding": "98.0.4758.102",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
},
{
"lang": "es",
"value": "Un uso de memoria previamente liberada en Animation en Google Chrome versiones anteriores a 98.0.4758.102, permit\u00eda a un atacante remoto explotar potencialmente una corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada"
}
],
"id": "CVE-2022-0609",
"lastModified": "2024-02-15T02:00:01.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-04-05T00:15:17.680",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://crbug.com/1296150"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.