Lucene search

ChromeCVE-2022-2162

HistoryJul 28, 2022 - 1:15 a.m.

CVE-2022-2162

2022-07-2801:15:17

Chrome

web.nvd.nist.gov

199

cve-2022-2162

file system api

insufficient policy enforcement

google chrome

windows

remote attacker

bypass

nvd

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0.005

Percentile

77.4%

JSON

Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.

Affected configurations

Nvd

Vulners

Node

googlechromeRange<103.0.5060.53

AND

microsoftwindowsMatch-

Node

fedoraprojectfedoraMatch35

fedoraprojectfedoraMatch36

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
fedoraprojectfedora35cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
fedoraproject	fedora	35	cpe:2.3:o:fedoraproject:fedora:35:::::::*
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*

CNA Affected

[
  {
    "product": "Chrome",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "103.0.5060.53",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]