CVE-2022-0461 — Resource Exposure in Google Chrome

CWE-668 — Resource Exposure19 documents6 sources

Severity

6.5MEDIUMNVD

OSV8.8OSV7.8OSV6.7OSV6.4OSV5.5OSV2.5

EPSS

0.1%

top 79.55%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Linux Kernel +3 more

Timeline

PublishedApr 5

Latest updateApr 11

Description

Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to bypass iframe sandbox via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 3.9 | Impact: 2.5

Affected Packages7 packages

▶CVEListV5google/chromeunspecified — 98.0.4758.80

▶NVDgoogle/chrome< 98.0.4758.80

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 98.0.4758.80-1 (bookworm)

▶Debianchromium/chromium< 98.0.4758.80-1~deb11u1+3

🔴Vulnerability Details

OSV

linux-gcp vulnerabilities↗2023-04-11

▶

OSV

linux-bluefield vulnerabilities↗2023-04-05

▶

OSV

linux-oem-5.14, linux-oem-5.17 vulnerabilities↗2023-03-27

▶

OSV

linux-ibm, linux-ibm-5.4 vulnerabilities↗2023-03-14

▶

OSV

linux-raspi-5.4 vulnerabilities↗2023-03-09

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2022-0461 Policy bypass in COOP↗2022-02-08

▶

Chrome

Stable Channel Update for Desktop: CVE-2022-0459↗2022-02-01

▶

Debian

CVE-2022-0461: chromium - Policy bypass in COOP in Google Chrome prior to 98.0.4758.80 allowed a remote at...↗2022

▶