CVE-2022-1497 - OpenCVE

Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Google	Chrome

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

References

Link	Resource
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html	Release Notes Vendor Advisory
https://crbug.com/1264543	Exploit Issue Tracking Patch Vendor Advisory
https://security.gentoo.org/glsa/202208-25	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Chrome

Published: 2022-07-26T21:35:05

Updated: 2022-08-14T21:08:54

Reserved: 2022-04-26T00:00:00

Link: CVE-2022-1497

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-07-26T22:15:10.157

Modified: 2022-10-26T19:06:59.970

Link: CVE-2022-1497

JSON object: View

Redhat Information

No data.

CWE

CWE-346

{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"lessThan": "101.0.4951.41", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Inappropriate implementation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-14T21:08:54", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html"}, {"tags": ["x_refsource_MISC"], "url": "https://crbug.com/1264543"}, {"name": "GLSA-202208-25", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-25"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "chrome-cve-admin@google.com", "ID": "CVE-2022-1497", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_affected": "<", "version_value": "101.0.4951.41"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Inappropriate implementation"}]}]}, "references": {"reference_data": [{"name": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html", "refsource": "MISC", "url": "https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html"}, {"name": "https://crbug.com/1264543", "refsource": "MISC", "url": "https://crbug.com/1264543"}, {"name": "GLSA-202208-25", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-25"}]}}}}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2022-1497", "datePublished": "2022-07-26T21:35:05", "dateReserved": "2022-04-26T00:00:00", "dateUpdated": "2022-08-14T21:08:54", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}