CVE-2022-3201Improper Input Validation in Google Chrome

CWE-20Improper Input Validation6 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 73.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Google ChromeChromiumDebian Chromium+3 more
Timeline
PublishedSep 26
Latest updateSep 27

Description

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages5 packages

CVEListV5google/chromeunspecified105.0.5195.125
NVDgoogle/chrome< 105.0.5195.125
debiandebian/chromium< chromium 106.0.5249.61-1 (bookworm)
Debianchromium/chromium< 106.0.5249.61-1~deb11u1+3

Also affects: Debian Linux 11.0, Fedora 37

🔴Vulnerability Details

2
GHSA
GHSA-3qqv-xxhx-9ggc: Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 1052022-09-27
OSV
CVE-2022-3201: Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 1052022-09-26

📋Vendor Advisories

3
Chrome
Stable Channel Update for Desktop: CVE-2022-33042022-09-27
Chrome
Stable Channel Update for Desktop: CVE-2022-38422022-09-14
Debian
CVE-2022-3201: chromium - Insufficient validation of untrusted input in DevTools in Google Chrome on Chrom...2022