PT-2022-6779 · Google+1 · Google Chrome+1
Published
2022-08-30
·
Updated
2023-08-19
·
CVE-2022-4913
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 105.0.5195.52
Description
The issue is related to inappropriate implementation in the Extensions component of Google Chrome, which is associated with inadequate access control. This allows a remote attacker who has compromised the renderer process to spoof extension storage by using a crafted HTML page. The severity of this issue is considered high.
Recommendations
For Google Chrome versions prior to 105.0.5195.52, update to version 105.0.5195.52 or later to resolve the issue. As a temporary workaround, consider restricting access to the Extensions component to minimize the risk of exploitation.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Google Chrome