CVE-2022-1128 — Path Traversal in Google Chrome

CWE-22 — Path Traversal CWE-668 — Resource Exposure6 documents6 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 39.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium +2 more

Timeline

PublishedJul 23

Latest updateJul 24

Description

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5google/chromeunspecified — 100.0.4896.60

▶NVDgoogle/chrome< 100.0.4896.60

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 100.0.4896.60-1 (bookworm)

▶Debianchromium/chromium< 100.0.4896.60-1~deb11u1+3

Patches

Patch: crbug.com ↗Patch: crbug.com ↗

🔴Vulnerability Details

GHSA

GHSA-x92g-6c25-c2jv: Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100↗2022-07-24

▶

OSV

CVE-2022-1128: Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100↗2022-07-23

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2022-1128 Inappropriate implementation in Web Share API↗2022-04-12

▶

Chrome

Stable Channel Update for Desktop: CVE-2022-1125↗2022-03-29

▶

Debian

CVE-2022-1128: chromium - Inappropriate implementation in Web Share API in Google Chrome on Windows prior ...↗2022

▶