6.5

CVE-2022-2856

Warnung
Exploit

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 104.0.5112.101
   ApplemacOS Version-
   GoogleAndroid Version-
   LinuxLinux Kernel Version-
FedoraprojectFedora Version37
GoogleChrome Version < 104.0.5112.102
   MicrosoftWindows Version-

18.08.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium Intents Insufficient Input Validation Vulnerability

Schwachstelle

Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.75% 0.876
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://crbug.com/1345630
Vendor Advisory
Exploit
Mailing List
Issue Tracking