CVE-2022-4025

Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
References
Link Resource
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html Release Notes Vendor Advisory
https://crbug.com/1260250 Exploit Issue Tracking Permissions Required Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

29 Oct 2024, 16:35

Type Values Removed Values Added
CWE CWE-203
Summary
  • (es) La implementación inadecuada en Paint en Google Chrome anterior a 98.0.4758.80 permitió a un atacante remoto filtrar datos de orígenes cruzados fuera de un iframe a través de una página HTML manipulada. (Severidad de seguridad de Chrome: baja)

08 Aug 2023, 14:22

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-02 23:15

Updated : 2024-10-29 16:35


NVD link : CVE-2022-4025

Mitre link : CVE-2022-4025

CVE.ORG link : CVE-2022-4025


JSON object : View

Products Affected

google

  • chrome
CWE
NVD-CWE-noinfo CWE-203

Observable Discrepancy