CVE-2022-1873
Summary
| CVE | CVE-2022-1873 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-07-27 22:15:00 UTC |
| Updated | 2022-10-26 13:47:00 UTC |
| Description | Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. |
Risk And Classification
Problem Types: CWE-668
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1305394 - chromium - An open-source project to help move the web forward. - Monorail | MISC | crbug.com | |
| Chromium, Google Chrome, Microsoft Edge, QtWebEngine: Multiple Vulnerabilities (GLSA 202208-25) — Gentoo security | GENTOO | security.gentoo.org | |
| Chrome Releases: Stable Channel Update for Desktop | MISC | chromereleases.googleblog.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179315 Debian Security Update for chromium (DSA 5148-1)
- 183208 Debian Security Update for chromium (CVE-2022-1873)
- 282877 Fedora Security Update for chromium (FEDORA-2022-7416607232)
- 282885 Fedora Security Update for chromium (FEDORA-2022-bcb096166f)
- 376632 Google Chrome Prior to 102.0.5005.61/102.0.5005.63 Multiple Vulnerabilities
- 376646 Microsoft Edge Based on Chromium Prior to 102.0.1245.30 Multiple Vulnerabilities
- 502251 Alpine Linux Security Update for chromium
- 504604 Alpine Linux Security Update for chromium
- 690870 Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (40e2c35e-db99-11ec-b0cf-3065ec8fd3ec)
- 710602 Gentoo Linux Chromium, Google Chrome, Microsoft Edge, QtWebEngine Multiple Vulnerabilities (GLSA 202208-25)