Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-0290
CVE-2022-0290:
vulnerability analysis and mitigation
Overview
CVE-2022-0290 is a use-after-free vulnerability in the Site isolation component of Google Chrome versions prior to 97.0.4692.99. The vulnerability was discovered and reported on October 15, 2021, by Brendon Tiszka and Sergei Glazunov of Google Project Zero (Chrome Release Blog).
Technical details
The vulnerability is classified as a high-severity use-after-free issue affecting the Site isolation mechanism in Google Chrome. Site isolation is a critical security feature that separates websites into different processes to prevent malicious sites from accessing data from other sites. The vulnerability could be exploited via a crafted HTML page (NVD).
Impact
If successfully exploited, this vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page, potentially compromising the browser's security boundaries (CVE).
Mitigation and workarounds
The vulnerability was patched in Google Chrome version 97.0.4692.99. Users are advised to update their Chrome browser to this version or later to mitigate the risk (Chrome Release Blog).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management