Lucene search

K
cve[email protected]CVE-2022-3201
HistorySep 26, 2022 - 4:15 p.m.

CVE-2022-3201

2022-09-2616:15:13
CWE-20
web.nvd.nist.gov
106
8
cve-2022-3201
insufficient validation
untrusted input
devtools
google chrome
chrome os
navigation restrictions
html page
security vulnerability

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.005

Percentile

77.3%

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)

Affected configurations

Vulners
NVD
Node
googlechromeRange<105.0.5195.125

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Chrome",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "105.0.5195.125",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.005

Percentile

77.3%