Platform: chrome
Component: angle
Fixed in: 97.0.4692.71
CVE-2022-0104 describes a heap buffer overflow vulnerability discovered in ANGLE, a graphics translation library used by Google Chrome. This flaw allows a remote attacker to potentially corrupt memory through a specially crafted HTML page. The vulnerability affects Chrome versions prior to 97.0.4692.71, and a fix is available in version 97.0.4692.71.
Successful exploitation of CVE-2022-0104 could allow an attacker to execute arbitrary code on the victim's system. This could involve gaining control of the browser process, potentially leading to complete system compromise. The attack vector involves enticing a user to visit a malicious HTML page, making it a potentially widespread threat. Heap corruption vulnerabilities are often difficult to defend against, and can lead to unpredictable behavior and system instability, making this a high-impact issue.
CVE-2022-0104 was published on February 11, 2022. There are currently no publicly available exploits or active campaigns targeting this vulnerability. The vulnerability is tracked by the NVD and CISA. While no exploitation has been observed, the potential for heap corruption makes it a significant security concern.
Exploit Status
EPSS: 0.56% (68th percentile)
The primary mitigation for CVE-2022-0104 is to immediately upgrade to Google Chrome version 97.0.4692.71 or later. If upgrading is not immediately possible due to compatibility issues or testing requirements, consider implementing Content Security Policy (CSP) directives to restrict the execution of inline scripts and other potentially malicious content. While a WAF or proxy cannot directly prevent this heap overflow, it can help mitigate the risk by blocking access to known malicious domains or filtering suspicious HTML content. After upgrading, confirm the fix by visiting a trusted website and verifying that Chrome is running the updated version (chrome://version).
Update Google Chrome to version 97.0.4692.71 or later. This update fixes a buffer overflow vulnerability in ANGLE that could allow a remote attacker to execute arbitrary code through a manipulated HTML page.
CVE-2022-0104 is a heap buffer overflow vulnerability in Google Chrome versions prior to 97.0.4692.71. A crafted HTML page can trigger heap corruption, potentially leading to arbitrary code execution.
You are affected if you are using Google Chrome versions prior to 97.0.4692.71. Check your Chrome version by typing 'chrome://version' in the address bar.
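The "prior to 97.0.4692.71" check applied across a fleet inventory, as an added example that is not part of the original advisory. The host names and the `SAMPLE` inventory are constructed, and the input is assumed to be version strings such as those printed by `google-chrome --version`.

```python
import re

# Fixed version taken from the advisory text above.
FIXED = (97, 0, 4692, 71)

# Matches a four-part Chrome version anywhere in a string, e.g. the
# output of `google-chrome --version` or the first line of chrome://version.
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True if the reported version is older than the fixed release.

    Comparison is numeric per component: a plain string comparison would
    wrongly rank "100.0.4896.60" below "97.0.4692.71".
    Raises ValueError when no version can be parsed, so unknown hosts are
    surfaced instead of silently passing.
    """
    version = parse_chrome_version(text)
    if version is None:
        raise ValueError(f"no Chrome version in {text!r}")
    return version < FIXED


def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, reported in inventory.items():
        try:
            result[host] = "affected" if is_affected(reported) else "fixed"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory (host names and versions are illustrative).
SAMPLE = {
    "ws-01": "Google Chrome 96.0.4664.110",
    "ws-02": "Google Chrome 97.0.4692.71",
    "ws-03": "Google Chrome 100.0.4896.60",
    "ws-04": "Chromium (version not reported)",
}
```

Hosts reported as `unknown` should be treated as unpatched until their version is confirmed.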
Upgrade to Google Chrome version 97.0.4692.71 or later. Chrome typically updates automatically, but you can manually check for updates in the Chrome settings.
Currently, there are no publicly known active exploits or campaigns targeting CVE-2022-0104, but the potential for heap corruption warrants prompt mitigation.
You can find the official Google security advisory for CVE-2022-0104 on the Google Security Blog: https://security.googleblog.com/2022/02/chrome-update-for-security-vulnerabilities.html