gsd-2022-0609
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2022-0609",
    "description": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
    "id": "GSD-2022-0609",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-0609.html",
      "https://www.debian.org/security/2022/dsa-5079"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-0609"
      ],
      "details": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.",
      "id": "GSD-2022-0609",
      "modified": "2023-12-13T01:19:11.544197Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2022-0609",
      "dateAdded": "2022-02-15",
      "dueDate": "2022-03-01",
      "product": "Chrome",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "The vulnerability exists due to a use-after-free error within the Animation component in Google Chrome.",
      "vendorProject": "Google",
      "vulnerabilityName": "Google Chrome Use-After-Free Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "chrome-cve-admin@google.com",
        "ID": "CVE-2022-0609",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Chrome",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "98.0.4758.102"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Google"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use after free"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html",
            "refsource": "MISC",
            "url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html"
          },
          {
            "name": "https://crbug.com/1296150",
            "refsource": "MISC",
            "url": "https://crbug.com/1296150"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-141",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-141",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.Common.NETCore",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "f21ce696-a582-4662-a74f-1c3da50cb010"
        },
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-140",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-140",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.Common",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "dc998236-b567-4d05-ae9e-dc2deb156f62"
        },
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-143",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-143",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.OffScreen.NETCore",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "d15e5ee8-049c-4c21-9aea-558fa66dfdef"
        },
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-142",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-142",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.OffScreen",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "8993ad12-aa3b-4f89-866b-2397ee3f9620"
        },
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-145",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-145",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.WinForms.NETCore",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "b1bee84c-b276-4cd5-b34a-df5c51b449f9"
        },
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-144",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-144",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.WinForms",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "2108fe65-c95f-4828-b62f-334c37f9f080"
        },
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-147",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-147",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.Wpf.HwndHost",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "7c495f00-397a-4899-8120-5234fbceb112"
        },
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "Use after free in Animation. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-148",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-148",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.Wpf.NETCore",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "9986d0e6-fd94-459d-882a-0b8ebd15ffc7"
        },
        {
          "affected_range": "(,98.1.190]",
          "affected_versions": "All versions up to 98.1.190",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-02-26",
          "description": "Use after free in Animation. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. It demands that the victim is doing some kind of user interaction. Technical details are unknown but an exploit is available.\n\nThere is currently little other public information on the issue other than it has been flagged as `High` severity.",
          "fixed_versions": [
            "98.1.210"
          ],
          "identifier": "GMS-2022-146",
          "identifiers": [
            "GHSA-vv6j-ww6x-54gx",
            "GMS-2022-146",
            "CVE-2022-0609"
          ],
          "not_impacted": "All versions after 98.1.190",
          "package_slug": "nuget/CefSharp.Wpf",
          "pubdate": "2022-02-22",
          "solution": "Upgrade to version 98.1.210 or above.",
          "title": "Use after free in Animation",
          "urls": [
            "https://github.com/cefsharp/CefSharp/security/advisories/GHSA-vv6j-ww6x-54gx",
            "https://github.com/advisories/GHSA-vv6j-ww6x-54gx"
          ],
          "uuid": "32777be2-f4dd-4db7-894b-12501d675367"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2022-03-01",
        "cisaExploitAdd": "2022-02-15",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Google Chromium Animation Use-After-Free Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D6456EA3-0801-4B8A-82A4-25EE298A18C2",
                    "versionEndExcluding": "98.0.4758.102",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Use after free in Animation in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
          },
          {
            "lang": "es",
            "value": "Un uso de memoria previamente liberada en Animation en Google Chrome versiones anteriores a 98.0.4758.102, permit\u00eda a un atacante remoto explotar potencialmente una corrupci\u00f3n de la pila por medio de una p\u00e1gina HTML dise\u00f1ada"
          }
        ],
        "id": "CVE-2022-0609",
        "lastModified": "2024-02-15T02:00:01.650",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 8.6,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": true
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2022-04-05T00:15:17.680",
        "references": [
          {
            "source": "chrome-cve-admin@google.com",
            "tags": [
              "Release Notes",
              "Vendor Advisory"
            ],
            "url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html"
          },
          {
            "source": "chrome-cve-admin@google.com",
            "tags": [
              "Issue Tracking",
              "Vendor Advisory"
            ],
            "url": "https://crbug.com/1296150"
          }
        ],
        "sourceIdentifier": "chrome-cve-admin@google.com",
        "vulnStatus": "Analyzed",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-416"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.