PT-2022-5092 · Google+3 · Google Chrome+3

Irvan Kurniawan

Published

2022-09-27

Updated

2025-05-06

CVE-2022-3313

CVSS v2.0

8.5

High

Vector

AV:N/AC:L/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 106.0.5249.62 Microsoft Edge (affected versions not specified)

Description The issue is related to errors in the representation of information by the user interface, allowing a remote attacker to conduct spoofing attacks using a specially crafted web page. This can be achieved via a crafted HTML page, exploiting incorrect security UI in full screen mode.

Recommendations For Google Chrome versions prior to 106.0.5249.62, update to version 106.0.5249.62 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

ALT-PU-2022-2693

ALT-PU-2022-2742

ALT-PU-2022-2748

ALT-PU-2022-2835

ALT-PU-2022-2905

ALT-PU-2023-1462

BDU:2022-06321

CVE-2022-3313

DSA-5244-1

MGASA-2022-0357

OPENSUSE-SU-2022:10138-1

OPENSUSE-SU-2022:10139-1

OPENSUSE-SU-2024:12380-1

OPENSUSE-SU-2024:12948-1

Affected Products

Alt Linux

Astra Linux

Google Chrome

Edge

PT-2022-5092 · Google+3 · Google Chrome+3

CVE-2022-3313

Weakness Enumeration

Related Identifiers

Affected Products

References · 2342