Vulnerability DatabaseCVE-2022-0470

CVE-2022-0470:
vulnerability analysis and mitigation

Overview

Out of bounds memory access vulnerability (CVE-2022-0470) was discovered in V8 engine of Google Chrome versions prior to 98.0.4758.80. The vulnerability allowed remote attackers to potentially exploit heap corruption through a specially crafted HTML page. The issue was reported on November 11, 2021, and was patched in the Chrome stable channel update released on February 1, 2022 (Chrome Release).

Technical details

The vulnerability is classified as an Out-of-bounds Write (CWE-787) with a CVSS v3.1 base score of 8.8 (HIGH). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring no privileges (PR:N) but does need user interaction (UI:R). The scope is unchanged (S:U) with high impact on confidentiality, integrity, and availability (C:H/I:H/A:H) (NVD).

Impact

The vulnerability could lead to heap corruption if successfully exploited, potentially allowing attackers to execute arbitrary code within the context of the browser. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability (NVD).

Mitigation and workarounds

Google addressed this vulnerability in Chrome version 98.0.4758.80. Users are advised to update their Chrome browser to this version or later to mitigate the risk. The fix was included in a security update that addressed multiple vulnerabilities (Chrome Release).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

8.8

Score

Published April 5, 2022

Severity HIGH

CNA Score N/A

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 52.3

Exploitation Probability (EPSS) 0.3

Affected packages and libraries

www-client/chromium
www-client/google-chrome

Sources

Alpine Security Tracker
- Alpine 3.15 Severity HIGHHas FixAdded at: Mar 28, 2022
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity HIGHNo FixAdded at: Mar 28, 2022
- Debian 11 Severity HIGHHas FixAdded at: Feb 08, 2022
- Debian 12 Severity HIGHHas FixAdded at: Feb 07, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Jul 24, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Feb 09, 2022
NVD
- Linux Severity HIGHHas FixAdded at: Apr 11, 2022
- Windows Severity HIGHHas FixAdded at: Feb 07, 2022