PT-2022-2112 · Google+4 · Google Chrome+4
Thomas Orlita
·
Published
2022-01-18
·
Updated
2024-06-15
·
CVE-2022-1137
CVSS v2.0
9.4
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 100.0.4896.60
Microsoft Edge (affected versions not specified)
Description
The issue is related to an inappropriate implementation in the Extensions component of Google Chrome and Microsoft Edge browsers, which may allow an attacker to leak potentially sensitive information via a crafted HTML page. This can occur if a user is convinced to install a malicious extension. The vulnerability is related to incorrectly implemented security checks for standard elements, potentially allowing a remote attacker to gain unauthorized access to protected information or cause a denial of service using a specially crafted web page.
Recommendations
For Google Chrome versions prior to 100.0.4896.60, update to version 100.0.4896.60 or later to resolve the issue.
For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improperly Implemented Security Check for Standard
Exposure of Resource to Wrong Sphere
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Google Chrome
Edge
Suse