Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-3312
HistoryNov 01, 2022 - 8:15 p.m.

CVE-2022-3312

2022-11-0120:15:21
Debian Security Bug Tracker
security-tracker.debian.org
15
cve-2022-3312
insufficient validation
google chrome
vpn
chromeos
medium severity
physical access restriction
unix

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0

Percentile

15.6%

Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0

Percentile

15.6%