CVE-2022-1132 — Incorrect Authorization in Google Chrome

CWE-863 — Incorrect Authorization5 documents5 sources

Severity

6.1MEDIUMNVD

CISA7.8

EPSS

0.0%

top 86.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium

Timeline

PublishedJul 23

Latest updateJul 24

Description

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 0.9 | Impact: 5.2

Affected Packages4 packages

▶CVEListV5google/chromeunspecified — 100.0.4896.60

▶NVDgoogle/chrome< 100.0.4896.60

▶debiandebian/chromium< chromium 100.0.4896.60-1 (bookworm)

▶Debianchromium/chromium< 100.0.4896.60-1~deb11u1+3

Patches

Patch: crbug.com ↗Patch: crbug.com ↗

🔴Vulnerability Details

GHSA

GHSA-rjx3-h5w4-7663: Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100↗2022-07-24

▶

OSV

CVE-2022-1132: Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100↗2022-07-23

▶

📋Vendor Advisories

CISA

Microsoft Win32k Privilege Escalation Vulnerability↗2022-03-15

▶

Debian

CVE-2022-1132: chromium - Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS p...↗2022

▶