6.5

CVE-2022-2856

Warning
Exploit

Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.

Data is provided by the National Vulnerability Database (NVD)
GoogleChrome Version < 104.0.5112.101
   ApplemacOS Version-
   GoogleAndroid Version-
   LinuxLinux Kernel Version-
FedoraprojectFedora Version37
GoogleChrome Version < 104.0.5112.102
   MicrosoftWindows Version-

18.08.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Google Chromium Intents Insufficient Input Validation Vulnerability

Vulnerability

Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Description

Apply updates per vendor instructions.

Required actions
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 3.75% 0.876
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://crbug.com/1345630
Vendor Advisory
Exploit
Mailing List
Issue Tracking