Lucene search

K
debiancveDebian Security Bug TrackerDEBIANCVE:CVE-2022-3656
HistoryNov 01, 2022 - 11:15 p.m.

CVE-2022-3656

2022-11-0123:15:18
Debian Security Bug Tracker
security-tracker.debian.org
29
google chrome
data validation
file system
bypass
remote attacker
html page
security severity
medium
cve-2022-3656
unix

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.5%

Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.5%