Lucene search

K

[email protected]CVE-2022-0108

HistoryFeb 12, 2022 - 12:15 a.m.

CVE-2022-0108

2022-02-1200:15:00

CWE-346

[email protected]

web.nvd.nist.gov

105

cve-2022-0108

google chrome

navigation

security vulnerability

cross-origin data

remote code execution

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.0%

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CPENameOperatorVersion
google:chromegoogle chromelt97.0.4692.71
fedoraproject:fedorafedoraproject fedoraeq34
fedoraproject:fedorafedoraproject fedoraeq35
fedoraproject:fedorafedoraproject fedoraeq36

References

www.openwall.com/lists/oss-security/2023/04/21/3

chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

crbug.com/1248444

lists.debian.org/debian-lts-announce/2023/05/msg00011.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/

www.debian.org/security/2023/dsa-5396

www.debian.org/security/2023/dsa-5397

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

6.2 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.007 Low

EPSS

Percentile

80.0%

Related for CVE-2022-0108

cnvd1 alpinelinux1 mscve1 debiancve1 prion1 ubuntucve1 veracode1 cvelist1 osv5 openvas22 debian4 nessus18 apple5 fedora6 ubuntu1 mageia2 suse3 freebsd1 hivepro1 kaspersky2 chrome1 hp1 rapid7blog1 gentoo1