CVE-2022-3444Improper Input Validation in Google Chrome

CWE-20Improper Input Validation5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 58.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Google ChromeChromiumDebian Chromium+1 more
Timeline
PublishedNov 1
Latest updateNov 2

Description

Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5google/chromeunspecified106.0.5249.62
NVDgoogle/chrome< 106.0.5249.62
debiandebian/chromium< chromium 106.0.5249.61-1 (bookworm)
Debianchromium/chromium< 106.0.5249.61-1~deb11u1+3

🔴Vulnerability Details

2
GHSA
GHSA-6j7q-8rw3-7c68: Insufficient data validation in File System API in Google Chrome prior to 1062022-11-02
OSV
CVE-2022-3444: Insufficient data validation in File System API in Google Chrome prior to 1062022-11-01

📋Vendor Advisories

2
Chrome
Stable Channel Update for Desktop: CVE-2022-34432022-09-27
Debian
CVE-2022-3444: chromium - Insufficient data validation in File System API in Google Chrome prior to 106.0....2022