PT-2021-6359 · Google+1 · Google Chrome+1
Maciekpul
·
Published
2021-09-07
·
Updated
2023-01-09
·
CVE-2022-0337
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 97.0.4692.71
Description
The issue is related to an inappropriate implementation in the File System API of Google Chrome on Windows, allowing a remote attacker to obtain potentially sensitive information via a crafted HTML page. This could potentially give access to user environment variables. The severity of this issue is considered high.
Recommendations
For Google Chrome versions prior to 97.0.4692.71, update to version 97.0.4692.71 or later to resolve the issue. As a temporary workaround, consider restricting access to the File System Access API until a patch is applied. Avoid using the
Window.showSaveFilePicker() method in crafted HTML pages until the issue is resolved.Exploit
Fix
Information Disclosure
Exposure of Resource to Wrong Sphere
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Astra Linux
Google Chrome