CVE-2022-1500Improper Input Validation in Google Chrome

CWE-20Improper Input ValidationCWE-1333Regex Denial of ServiceCWE-400Uncontrolled Resource Consumption7 documents7 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 51.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Chromium+3 more
Timeline
PublishedJul 26
Latest updateJul 27

Description

Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

CVEListV5google/chromeunspecified101.0.4951.41
NVDgoogle/chrome< 101.0.4951.41
debiandebian/chromium< chromium 101.0.4951.41-1 (bookworm)
npmmarked_project/marked< 4.0.10

🔴Vulnerability Details

3
GHSA
GHSA-v5pv-pxh3-g9pr: Insufficient data validation in Dev Tools in Google Chrome prior to 1012022-07-27
OSV
CVE-2022-1500: Insufficient data validation in Dev Tools in Google Chrome prior to 1012022-07-26
GHSA
Inefficient Regular Expression Complexity in marked2022-01-14

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2022-14982022-04-26
Microsoft
Chromium: CVE-2022-1500 Insufficient data validation in Dev Tools2022-04-12
Debian
CVE-2022-1500: chromium - Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.4...2022