CVE-2022-0108

Description

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.33%• Percentile: 56%

Techniques & Countermeasures

• CWE-346•Origin Validation Error

  The product does not properly verify that the source of data or communication is valid.

Affected Systems

• fedoraproject•fedora

  34 | 35 | 36

• Unknown•Chrome

  < 97.0.4692.71 | ≥ unspecified, < 97.0.4692.71

References (12)

• https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
• https://crbug.com/1248444
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
• http://www.openwall.com/lists/oss-security/2023/04/21/3
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/
• https://www.debian.org/security/2023/dsa-5397
• https://www.debian.org/security/2023/dsa-5396
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/
• https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html