CVE-2022-1499: 
vulnerability analysis and mitigation

A vulnerability identified as CVE-2022-1499 was discovered in Google Chrome's WebAuthentication implementation prior to version 101.0.4951.41. The vulnerability was reported by Jun Kokatsu from Microsoft Browser Vulnerability Research on September 4, 2019, and was publicly disclosed in April 2022 (Chrome Release).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.3 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L. The issue stems from an inappropriate implementation in the WebAuthentication component that could allow an attacker to bypass the same-origin policy through a crafted HTML page. The vulnerability is categorized under CWE-863 (Incorrect Authorization) (NVD).

The vulnerability could allow a remote attacker to bypass the same-origin policy, which is a fundamental security control in web browsers. This bypass could potentially lead to unauthorized access to cross-origin resources, compromising the confidentiality and integrity of web applications (NVD).

The vulnerability was patched in Google Chrome version 101.0.4951.41. Users and administrators are advised to upgrade to this version or later to mitigate the risk. The fix was also incorporated into other Chromium-based browsers and their derivatives (Chrome Release, Gentoo Advisory).