CVE-2022-2164Google Chrome vulnerability

7 documents7 sources
Severity
6.3MEDIUMNVD
EPSS
0.2%
top 53.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Chromium+3 more
Timeline
PublishedJul 28
Latest updateMay 31

Description

Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:LExploitability: 2.8 | Impact: 3.4

Affected Packages6 packages

CVEListV5google/chromeunspecified103.0.5060.53
NVDgoogle/chrome< 103.0.5060.53
debiandebian/chromium< chromium 103.0.5060.53-1 (bookworm)
Debianchromium/chromium< 103.0.5060.53-1~deb11u1+3

Also affects: Fedora 35, 36

🔴Vulnerability Details

2
GHSA
GHSA-wmr8-hj85-r7gq: Inappropriate implementation in Extensions API in Google Chrome prior to 1032022-07-29
OSV
CVE-2022-2164: Inappropriate implementation in Extensions API in Google Chrome prior to 1032022-07-28

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2022-21642022-06-21
Microsoft
Chromium: CVE-2022-2164 Inappropriate implementation in Extensions API2022-06-14
Debian
CVE-2022-2164: chromium - Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5...2022

📄Research Papers

1
arXiv
Chrowned by an Extension: Abusing the Chrome DevTools Protocol through the Debugger API2023-05-31