CVE-2022-0108
Published 2022-02-12
CVE-2022-0108: Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Priority P4 · 29 · medium · 6.5 · CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:N / A:N
EPSS: 1.17% (63.6th percentile)
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_16.3_and_ipados | — | — |
| apple | macos_ventura | — | — |
| apple | safari | — | — |
| apple | tvos | — | — |
| apple | watchos | — | — |
| chromium | chromium | >= 0 < 97.0.4692.71-0.1~deb11u1 | 97.0.4692.71-0.1~deb11u1 |
| chromium | chromium | >= 0 < 97.0.4692.71-0.1 | 97.0.4692.71-0.1 |
| chromium | chromium | >= 0 < 97.0.4692.71-0.1 | 97.0.4692.71-0.1 |
| chromium | chromium | >= 0 < 97.0.4692.71-0.1 | 97.0.4692.71-0.1 |
| debian | chromium | < chromium 97.0.4692.71-0.1 (bookworm) | chromium 97.0.4692.71-0.1 (bookworm) |
| debian | webkit2gtk | < chromium 97.0.4692.71-0.1 (bookworm) | chromium 97.0.4692.71-0.1 (bookworm) |
| debian | wpewebkit | < chromium 97.0.4692.71-0.1 (bookworm) | chromium 97.0.4692.71-0.1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| | chrome | < 97.0.4692.71 | 97.0.4692.71 |
| | chrome | >= unspecified < 97.0.4692.71 | 97.0.4692.71 |
| | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
CVSS provenance
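| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_debian | | 6.5 | MEDIUM | |
| vendor_msrc | | 6.5 | MEDIUM | |
| vendor_redhat | | 6.5 | MEDIUM | |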
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2023-05-08
CVE-2023-27932 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Apple
CVE-2022-0108: Safari 16.3
vendor_apple·2023-02-13·CVSS 6.5
CVE-2022-0108 [MEDIUM] CVE-2022-0108: Safari 16.3
Apple Security Update: About the security content of Safari 16.3
Product: Safari
Version: 16.3
CVE: CVE-2022-0108
Component: CVE-2022-0108
Apple
CVE-2022-0108: tvOS 16.3
vendor_apple·2023-01-24·CVSS 6.5
CVE-2022-0108 [MEDIUM] CVE-2022-0108: tvOS 16.3
Apple Security Update: About the security content of tvOS 16.3
Product: tvOS
Version: 16.3
CVE: CVE-2022-0108
Component: WebKit
Impact: An HTML document may be able to render iframes with sensitive user information
Description: This issue was addressed with improved iframe sandbox enforcement.
Apple
CVE-2022-0108: iOS 16.3 and iPadOS 16.3
vendor_apple·2023-01-23·CVSS 6.5
CVE-2022-0108 [MEDIUM] CVE-2022-0108: iOS 16.3 and iPadOS 16.3
Apple Security Update: About the security content of iOS 16.3 and iPadOS 16.3
Product: iOS 16.3 and iPadOS
Version: 16.3
CVE: CVE-2022-0108
Component: WebKit
Impact: An HTML document may be able to render iframes with sensitive user information
Description: This issue was addressed with improved iframe sandbox enforcement.
Apple
CVE-2022-0108: watchOS 9.3
vendor_apple·2023-01-23·CVSS 6.5
CVE-2022-0108 [MEDIUM] CVE-2022-0108: watchOS 9.3
Apple Security Update: About the security content of watchOS 9.3
Product: watchOS
Version: 9.3
CVE: CVE-2022-0108
Component: WebKit
Impact: An HTML document may be able to render iframes with sensitive user information
Description: This issue was addressed with improved iframe sandbox enforcement.
Apple
CVE-2022-0108: macOS Ventura 13.2
vendor_apple·2023-01-23·CVSS 6.5
CVE-2022-0108 [MEDIUM] CVE-2022-0108: macOS Ventura 13.2
Apple Security Update: About the security content of macOS Ventura 13.2
Product: macOS Ventura
Version: 13.2
CVE: CVE-2022-0108
Component: WebKit
Impact: An HTML document may be able to render iframes with sensitive user information
Description: This issue was addressed with improved iframe sandbox enforcement.
Microsoft
Chromium: CVE-2022-0108 Inappropriate implementation in Navigation
vendor_msrc·2022-01-11·CVSS 6.5
CVE-2022-0108 [MEDIUM] Chromium: CVE-2022-0108 Inappropriate implementation in Navigation
Chromium: CVE-2022-0108 Inappropriate implementation in Navigation
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: What is the version information for this release?
| Microsoft Edge Version | Date Released | Based on Chromium Version |
|---|---|---|
| 97.0.1072.55 | 1/6/2022 | 97.0.4692.71 |
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the b
Chrome
Stable Channel Update for Desktop: CVE-2022-0106
vendor_chrome·2022-01-04·CVSS 8.8
CVE-2022-0106 [HIGH] Stable Channel Update for Desktop: CVE-2022-0106
Stable Channel Update for Desktop
CVE-2022-0106: Use after free in Autofill. Reported by Khalil Zhani on 2021-12-10
[$10000][1248438] Medium CVE-2022-0107: Use after free in File Manager API. Reported by raven (@raid_akame) on 2021-09-10
[$5000][1248444] Medium CVE-2022-0108: Inappropriate implementation in Navigation
Severity: high
Red Hat
chromium-browser: Inappropriate implementation in Navigation
vendor_redhat·2022-01-04·CVSS 6.5
CVE-2022-0108 [MEDIUM] chromium-browser: Inappropriate implementation in Navigation
chromium-browser: Inappropriate implementation in Navigation
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Debian
CVE-2022-0108: chromium - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.7...
vendor_debian·2022·CVSS 6.5
CVE-2022-0108 [MEDIUM] CVE-2022-0108: chromium - Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.7...
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 97.0.4692.71-0.1)
bullseye: resolved (fixed in 97.0.4692.71-0.1~deb11u1)
forky: resolved (fixed in 97.0.4692.71-0.1)
sid: resolved (fixed in 97.0.4692.71-0.1)
trixie: resolved (fixed in 97.0.4692.71-0.1)
GHSA
GHSA-mq88-wc55-whqv: Inappropriate implementation in Navigation in Google Chrome prior to 97
ghsa_unreviewed·2022-02-13
CVE-2022-0108 [MEDIUM] CWE-346 GHSA-mq88-wc55-whqv: Inappropriate implementation in Navigation in Google Chrome prior to 97
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
OSV
CVE-2022-0108: Inappropriate implementation in Navigation in Google Chrome prior to 97
osv·2022-02-12·CVSS 6.5
CVE-2022-0108 [MEDIUM] CVE-2022-0108: Inappropriate implementation in Navigation in Google Chrome prior to 97
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2023/04/21/3
https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
https://crbug.com/1248444
https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
https://www.debian.org/security/2023/dsa-5396
https://www.debian.org/security/2023/dsa-5397
Published: 2022-02-12