CVE-2022-3201

EPSS 0.11%
Veröffentlicht 26.09.2022 16:15:13
Zuletzt bearbeitet 21.11.2024 07:19:02
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

Insufficient validation of untrusted input in DevTools in Google Chrome on Chrome OS prior to 105.0.5195.125 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: High)

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 105.0.5195.125

Google ≫ Chrome Os Version-

Fedoraproject ≫ Fedora Version37

Debian ≫ Debian Linux Version11.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.303

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.4	2.8	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/

Third Party Advisory

Mailing List

https://security.gentoo.org/glsa/202311-11

https://security.gentoo.org/glsa/202209-23

Third Party Advisory

https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html

Third Party Advisory

https://crbug.com/1343104

Vendor Advisory

Permissions Required

https://security.gentoo.org/glsa/202210-16