CVE-2022-4188 — Injection in Google Chrome
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 69.91%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 30
Latest updateDec 13
Description
Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4