VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-mj9e-cjx1-rqah

Essentials
Severities (22)
References (6)
Severity details (5)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-mj9e-cjx1-rqah
Aliases	CVE-2022-4262
Summary	Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Status	Published
Exploitability	2.0
Weighted Severity	7.9
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

System	Score	Found at
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02855	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02932	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.02932	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
epss	0.03442	https://api.first.org/data/v1/epss?cve=CVE-2022-4262
cvssv3.1	8.8	https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
ssvc	Attend	https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html
cvssv3.1	8.8	https://crbug.com/1394403
ssvc	Attend	https://crbug.com/1394403
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2022-4262

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2022-4262
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4262
1394403		https://crbug.com/1394403
cpe:2.3:a:google:chrome::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome::::::::
CVE-2022-4262		https://nvd.nist.gov/vuln/detail/CVE-2022-4262
stable-channel-update-for-desktop.html		https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html

Data source	KEV
Date added	Dec. 5, 2022
Description	Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action	Apply updates per vendor instructions.
Due date	Dec. 26, 2022
Note	https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html; https://nvd.nist.gov/vuln/detail/CVE-2022-4262
Ransomware campaign use	Unknown

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:35:25Z/ Found at https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://crbug.com/1394403

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-01-28T21:35:25Z/ Found at https://crbug.com/1394403

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-4262

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.85715
EPSS Score	0.02855
Published At	July 31, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T09:01:42.698109+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.17/community.json	37.0.0