Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-3201
HistorySep 26, 2022 - 4:15 p.m.

CVE-2022-3201

2022-09-2616:15:13
Debian Security Bug Tracker
security-tracker.debian.org
27
cve-2022-3201
google chrome
devtools
insufficient validation
chrome os
malicious extension
html page
navigation restrictions
chromium security

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.005

Percentile

77.3%

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

EPSS

0.005

Percentile

77.3%