Lucene search

[email protected]NVD:CVE-2022-4906

HistoryJul 29, 2023 - 12:15 a.m.

CVE-2022-4906

2023-07-2900:15:10

[email protected]

web.nvd.nist.gov

insecure implementation

blink

google chrome

arbitrary read/write

html page

remote attacker

cve-2022-4906

chromium security

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.4%

JSON

Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Affected configurations

NVD

Node

googlechromeRange<108.0.5359.71

References

chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_29.html

crbug.com/1382434

lists.fedoraproject.org/archives/list/[email protected]/message/2LE64KGGOISKPKMYROSDT4K6QFVDIRF6/

lists.fedoraproject.org/archives/list/[email protected]/message/B6SAST6CB5KKCQKH75ER2UQ3ICYPHCIZ/

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.4%

JSON

Related for NVD:CVE-2022-4906

prion1 cve1 veracode1 cvelist1 ubuntucve1 debiancve1 osv2 openvas3 nessus2 fedora2 chrome1 kaspersky1