PT-2022-2932 · Yandex · Yandex Browser

Xi-Tauw · Published 2022-03-30 · Updated 2023-08-08 · CVE-2022-28226

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Yandex Browser versions prior to 22.3.3.801

Description

The issue is related to errors in processing temporary files during the update process, which can allow an attacker to elevate their privileges. A local, low-privileged attacker can execute arbitrary code with SYSTEM privileges by manipulating temporary files in a directory with insecure permissions.

Recommendations

For versions prior to 22.3.3.801, update to version 22.3.3.801 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary files directory to minimize the risk of exploitation.

Fix

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

BDU:2022-03533
CVE-2022-28226

Affected Products

Yandex Browser