Vulnerability DatabaseCVE-2022-0797

CVE-2022-0797:
vulnerability analysis and mitigation

Overview

Out of bounds memory access vulnerability (CVE-2022-0797) was discovered in the Mojo component of Google Chrome versions prior to 99.0.4844.51. The vulnerability was reported by Sergei Glazunov of Google Project Zero on December 21, 2021 (Chrome Release).

Technical details

The vulnerability is classified as a high-severity issue with a CVSS v3.1 base score of 8.8. It is categorized as an Out-of-bounds Write (CWE-787) vulnerability that could allow an attacker to perform an out of bounds memory write via a crafted HTML page. The vulnerability affects multiple operating systems including Windows, macOS, and Linux (NVD).

Impact

The vulnerability could potentially lead to remote code execution through out of bounds memory write operations. The high CVSS score of 8.8 indicates significant potential impact on the confidentiality, integrity, and availability of the affected system (NVD).

Mitigation and workarounds

Google addressed this vulnerability in Chrome version 99.0.4844.51. Users are advised to update to this version or later to mitigate the risk. The fix was released as part of a larger security update that addressed multiple vulnerabilities (Chrome Release, Gentoo Advisory).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a customer? See how Wiz maps CVEs like this one to real cloud attack paths.

Watch 12-min demo

8.8

Score

Published April 5, 2022

Severity HIGH

CNA Score N/A

Has Public Exploit Yes

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 72

Exploitation Probability (EPSS) 0.7

Affected packages and libraries

libQt5PdfWidgets5
libqt5-qtwebengine

Sources

Alpine Security Tracker
- Alpine 3.15 Severity HIGHHas FixAdded at: May 21, 2022
- Alpine 3.16 Severity HIGHHas FixAdded at: May 24, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine 3.23 Severity HIGHHas FixAdded at: Dec 04, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity HIGHNo FixAdded at: Mar 28, 2022
- Debian 11 Severity HIGHHas FixAdded at: Mar 05, 2022
- Debian 12 Severity HIGHHas FixAdded at: Mar 20, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Aug 14, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: Mar 04, 2022
NVD
- Linux Severity HIGHHas FixAdded at: Apr 11, 2022
- Windows Severity HIGHHas FixAdded at: Mar 14, 2022