CVE-2022-0108Origin Validation Error in Google Chrome

CWE-346Origin Validation Error13 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 43.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
13
Google ChromeChromiumDebian Chromium+10 more
Timeline
PublishedFeb 12
Latest updateMay 8

Description

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages13 packages

CVEListV5google/chromeunspecified97.0.4692.71
NVDgoogle/chrome< 97.0.4692.71
debiandebian/chromium< chromium 97.0.4692.71-0.1 (bookworm)
debiandebian/wpewebkit< chromium 97.0.4692.71-0.1 (bookworm)

Also affects: Fedora 34, 35, 36

Patches

Patch: crbug.comPatch: crbug.com

🔴Vulnerability Details

2
GHSA
GHSA-mq88-wc55-whqv: Inappropriate implementation in Navigation in Google Chrome prior to 972022-02-13
OSV
CVE-2022-0108: Inappropriate implementation in Navigation in Google Chrome prior to 972022-02-12

📋Vendor Advisories

10
Ubuntu
WebKitGTK vulnerabilities2023-05-08
Apple
CVE-2022-0108: Safari 16.32023-02-13
Apple
CVE-2022-0108: tvOS 16.32023-01-24
Apple
CVE-2022-0108: iOS 16.3 and iPadOS 16.32023-01-23
Apple
CVE-2022-0108: watchOS 9.32023-01-23