CVE-2022-0337

Published on: Not Yet Published

Last Modified on: 02/20/2023 09:28:56 AM UTC

CVE-2022-0337

Source: Mitre Source: NIST CVE.ORG Print: PDF PDF
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Certain versions of Chrome from Google contain the following vulnerability:

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)

  • CVE-2022-0337 has been assigned by URL Logo chrome-cve-a[email protected] to track the vulnerability - currently rated as MEDIUM severity.
  • Affected Vendor/Software: URL Logo Google - Chrome version < 97.0.4692.71

CVSS3 Score: 6.5 - MEDIUM

Attack
Vector 		Attack
Complexity		 Privileges
Required		 User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact		 Integrity
Impact		 Availability
Impact
UNCHANGED HIGH NONE NONE

CVE References

Description Tags Link
Chrome Releases: Stable Channel Update for Desktop chromereleases.googleblog.com
text/html
 URL Logo MISC chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
1247389 - chromium - An open-source project to help move the web forward. - Monorail crbug.com
text/html
 URL Logo MISC crbug.com/1247389
By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Exploit/POC from Github

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote at…

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationGoogleChromeAllAllAllAll
Operating
System		MicrosoftWindows-AllAllAll
  • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*:
  • cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @pulik_io ? CVE-2022-0337 (reward: $10,000) - That's my 7th CVE in Google. All done as a Software Engineer? Check thread ?… twitter.com/i/web/status/1… 2022-01-22 16:24:16
Twitter Icon @ipssignatures The vuln CVE-2022-0337 has a tweet created 0 days ago and retweeted 38 times. twitter.com/pulik_io/statu… #pow1rtrtwwcve 2022-01-22 20:06:00
Twitter Icon @ipssignatures The vuln CVE-2022-0337 has a tweet created 0 days ago and retweeted 109 times. twitter.com/pulik_io/statu… #pow2rtrtwwcve 2022-01-23 02:06:00
Twitter Icon @CVEtrends Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-0337: 388.9K (audience size) CVE-2021-45467: 161.1K CVE-2021-… twitter.com/i/web/status/1… 2022-01-23 14:00:02
Twitter Icon @Har_sia CVE-2022-0337 har-sia.info/CVE-2022-0337.… #HarsiaInfo 2022-01-23 23:01:05
Twitter Icon @pulik_io ? CVE-2022-0337 (reward: $10,000 - @GoogleVRP ) - Write-up and Video ? System environment variables leak on Google… twitter.com/i/web/status/1… 2022-03-19 12:45:17
Twitter Icon @pulik_io Proof of concept on my GitHub: github.com/Puliczek/CVE-2… ? Show your support - give a ⭐️ if you liked the content 2022-03-19 12:45:18
Twitter Icon @ipssignatures The vuln CVE-2022-0337 has a tweet created 0 days ago and retweeted 22 times. twitter.com/pulik_io/statu… #pow1rtrtwwcve 2022-03-19 16:06:01
Twitter Icon @n0ipr0cs GitHub - Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: ? ?? [P1-$10,000] Google Chrome, Microsoft… twitter.com/i/web/status/1… 2022-03-19 16:43:08
Twitter Icon @axcheron CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera github.com/Puliczek/CVE-2… 2022-03-19 17:52:00
Twitter Icon @s3xcur1ty CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera github.com/Puliczek/CVE-2…twitter.com/i/web/status/1… 2022-03-19 18:31:47
Twitter Icon @0xc7m #CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera #POC #redteam #pentest… twitter.com/i/web/status/1… 2022-03-19 20:50:56
Twitter Icon @Ksecureteamlab CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera github.com/Puliczek/CVE-2…twitter.com/i/web/status/1… 2022-03-19 21:32:49
Twitter Icon @nuria_imeq GitHub - Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: ? ?? [P1-$10,000] Google Chrome, Microsoft… twitter.com/i/web/status/1… 2022-03-19 21:39:13
Twitter Icon @RobertoFocke github.com/Puliczek/CVE-2… 2022-03-19 22:11:44
Twitter Icon @sploitus_com Exploit for CVE-2022-0337 sploitus.com/exploit?id=820… #Exploit #Sploitus 2022-03-20 00:26:09
Twitter Icon @OkKoChicPu #CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera #POC #redteam #pentest… twitter.com/i/web/status/1… 2022-03-20 01:22:33
Twitter Icon @ipssignatures The vuln CVE-2022-0337 has a tweet created 0 days ago and retweeted 11 times. twitter.com/0xc7m/status/1… #pow1rtrtwwcve 2022-03-20 02:06:00
Twitter Icon @cyberguideme @AlvieriD @campuscodi @vxunderground @Microsoft github.com/Puliczek/CVE-2… idk if this is anything to do with this news 2022-03-20 08:59:07
Twitter Icon @hack_git CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera Successful exploitatio… twitter.com/i/web/status/1… 2022-03-20 10:36:33
Twitter Icon @CVEtrends Top 3 trending CVEs on Twitter Past 24 hrs: CVE-2022-0337: 330.1K (audience size) CVE-2021-28372: 313.1K CVE-2021-… twitter.com/i/web/status/1… 2022-03-20 14:00:02
Twitter Icon @Har_sia CVE-2022-0337 har-sia.info/CVE-2022-0337.… #HarsiaInfo 2022-03-20 15:00:06
Twitter Icon @Har_sia CVE-2022-0337 har-sia.info/CVE-2022-0337.… #HarsiaInfo 2022-03-20 18:23:02
Twitter Icon @fvant Oops github.com/Puliczek/CVE-2… 2022-03-20 19:30:13
Twitter Icon @JekiCode CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: ? ?? [P1-$10,000] Google Chrome, Microsoft Edge and Opera - v… twitter.com/i/web/status/1… 2022-03-20 23:00:43
Twitter Icon @ptracesecurity CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera github.com/Puliczek/CVE-2… https://t.co/8CUFUtBWgU 2022-03-21 01:16:14
Twitter Icon @ipssignatures The vuln CVE-2022-0337 has a tweet created 0 days ago and retweeted 15 times. twitter.com/ptracesecurity… #pow1rtrtwwcve 2022-03-21 06:06:00
Twitter Icon @Nihilisme10 My new fav tweet: CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera… twitter.com/i/web/status/1… 2022-03-21 09:52:21
Twitter Icon @Har_sia CVE-2022-0337 har-sia.info/CVE-2022-0337.… #HarsiaInfo 2022-03-21 15:00:06
Twitter Icon @lordman1982 GitHub - Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: ? ?? [P1-$10,000] Google Chrome, Microsoft… twitter.com/i/web/status/1… 2022-03-21 17:30:00
Twitter Icon @Har_sia CVE-2022-0337 har-sia.info/CVE-2022-0337.… #HarsiaInfo 2022-03-21 18:24:02
Twitter Icon @brianlinux CVE-2022-0337 : System environment variables leak on Google Chrome, Microsoft Edge and Opera… twitter.com/i/web/status/1… 2022-03-23 04:46:40
Twitter Icon @CoolApps45 ah, yes. an issue due to poor windows design, as usual github.com/Puliczek/CVE-2… 2022-03-24 19:32:40
Twitter Icon @Securityblog GitHub - Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: ? ?? [P1-$10,000] Google Chrome, Microsoft… twitter.com/i/web/status/1… 2022-03-27 11:41:45
Twitter Icon @RedPacketSec Google Chrome version 97.0.4692.71-CVE-2022-0337 - redpacketsecurity.com/google-chrome-… 2022-04-01 10:02:04
Twitter Icon @Securityblog GitHub - Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera: ? ?? [P1-$10,000] Google Chrome, Microsoft… twitter.com/i/web/status/1… 2022-04-14 09:19:07
Twitter Icon @buaqbot 有意思的CVE-2022-0337复现 ift.tt/Ps1xav5 ift.tt/zYAVm8u 2022-04-22 12:11:15
Twitter Icon @buaqbot 有意思的CVE-2022-0337复现 ift.tt/YX4Ew3b ift.tt/kX2VYB1 2022-04-24 09:07:07
Twitter Icon @Sekurak CVE-2022-0337 – podatność w Chrome warta ~45000zł, namierzona przez Maćka Pulikowskiego. Szczegóły: sekurak.pl/cve-2022-0337-… 2022-06-02 09:13:30
Twitter Icon @SaraBadran18 ? ?? [P1-$10,000] Google Chrome, Microsoft Edge and Opera - System environment variables leak - CVE-2022-0337 write… twitter.com/i/web/status/1… 2022-08-23 10:35:40
Twitter Icon @ipssignatures The vuln CVE-2022-0337 has a tweet created 0 days ago and retweeted 10 times. twitter.com/SaraBadran18/s… #pow1rtrtwwcve 2022-08-23 22:06:00
Twitter Icon @NationalCyberS1 CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge, and Opera! Reward: $10,000 from… twitter.com/i/web/status/1… 2022-09-11 09:30:30
Twitter Icon @CVEreport CVE-2022-0337 : Inappropriate implementation in File System API in Google Chrome on #Windows prior to 97.0.4692.71… twitter.com/i/web/status/1… 2023-01-02 23:05:56
© CVE.report 2023 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report