CVE-2022-1488: Resource Exposure in Google Chrome

CWE-668: Resource Exposure | 8 documents | 7 sources
Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 51.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 26 | Latest update Jun 18

Description

Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (6 packages)

Source | Package | Affected versions
CVEListV5 | google/chrome | unspecified 101.0.4951.41
NVD | google/chrome | < 101.0.4951.41
debian | debian/chromium | < chromium 101.0.4951.41-1 (bookworm)
Debian | chromium/chromium | < 101.0.4951.41-1~deb11u1+3

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-m5hw-3f6m-j7mr: Inappropriate implementation in Extensions API in Google Chrome prior to 101 (2022-07-27)
OSV: CVE-2022-1488: Inappropriate implementation in Extensions API in Google Chrome prior to 101 (2022-07-26)

📋 Vendor Advisories (5)

Red Hat: kernel: riscv:uprobe fix SR_SPIE set/clear handling (2025-06-18)
Chrome: Long Term Support Channel Update for ChromeOS: CVE-2022-1488 (2022-07-27)
Chrome: Stable Channel Update for Desktop: CVE-2022-1487 (2022-04-26)
Microsoft: Chromium: CVE-2022-1488 Inappropriate implementation in Extensions API (2022-04-12)
Debian: CVE-2022-1488: chromium - Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4... (2022)