Lucene search

K
mscveMicrosoftMS:CVE-2022-1096
HistoryMar 26, 2022 - 7:00 a.m.

Chromium: CVE-2022-1096 Type Confusion in V8

2022-03-2607:00:00
Microsoft
msrc.microsoft.com
1067
chromium
type confusion
v8
cve-2022-1096
google
microsoft edge

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.014

Percentile

86.5%

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.

Google is aware that an exploit for CVE-2022-1096 exists in the wild.

Affected configurations

Vulners
Node
microsoftvisual_studio_2022Range<17.1.7
OR
microsoftvisual_studio_2022Range<17.0.10
OR
microsoftedge_chromiumRange<99.0.1150.55
VendorProductVersionCPE
microsoftvisual_studio_2022*cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
microsoftedge_chromium*cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.014

Percentile

86.5%