Vulnerability DatabaseCVE-2022-0104

CVE-2022-0104:
vulnerability analysis and mitigation

Overview

CVE-2022-0104 is a heap buffer overflow vulnerability discovered in the ANGLE (Almost Native Graphics Layer Engine) component of Google Chrome versions prior to 97.0.4692.71. The vulnerability was reported on November 25, 2021, and publicly disclosed on January 4, 2022 (Chrome Release, NVD).

Technical details

The vulnerability is classified as a heap buffer overflow in ANGLE, which is a graphics engine abstraction layer used by Google Chrome. The issue could be triggered through a crafted HTML page, potentially leading to heap corruption (NVD). The vulnerability was reported by security researchers Abraruddin Khan and Omair (Chrome Release).

Impact

If successfully exploited, this heap buffer overflow vulnerability could potentially lead to heap corruption, which might result in program crashes or potential code execution. The vulnerability affects Google Chrome installations across multiple platforms (NVD).

Mitigation and workarounds

Google addressed this vulnerability in Chrome version 97.0.4692.71. Users and administrators are advised to update to this version or later to mitigate the risk. The fix was also incorporated into various Linux distributions including Fedora and Debian through their respective security updates (Debian Tracker).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

8.8

Score

Published February 12, 2022

Severity HIGH

CNA Score N/A

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 68.7

Exploitation Probability (EPSS) 0.6

Affected packages and libraries

chromedriver
opera

Sources

Alpine Security Tracker
- Alpine 3.15 Severity HIGHHas FixAdded at: Mar 09, 2022
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity HIGHNo FixAdded at: Mar 28, 2022
- Debian 11 Severity HIGHHas FixAdded at: Jan 15, 2022
- Debian 12 Severity HIGHHas FixAdded at: Jan 29, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Jul 24, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Jan 07, 2022
NVD
- Linux Severity HIGHHas FixAdded at: Feb 18, 2022
- Windows Severity HIGHHas FixAdded at: Jan 19, 2022