Vulnerability DatabaseCVE-2022-1857

CVE-2022-1857:
vulnerability analysis and mitigation

Overview

Insufficient policy enforcement in File System API in Google Chrome prior to version 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. The vulnerability was reported by Daniel Rhea on July 11, 2021, and was officially patched in May 2022 (Chrome Release).

Technical details

The vulnerability was assigned a CVSS 3.1 base score of 8.8 (High severity), with the following characteristics: network-based attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, and high impact on confidentiality, integrity, and availability (Ubuntu Security).

Impact

The vulnerability could allow attackers to bypass file system restrictions, potentially leading to unauthorized access to files and directories. The high CVSS score indicates significant potential impact on system confidentiality, integrity, and availability (Ubuntu Security).

Mitigation and workarounds

The vulnerability was fixed in Chrome version 102.0.5005.61. Users and administrators should ensure their Chrome installations are updated to this version or later. The fix was also incorporated into various Linux distributions, including Debian and Ubuntu (Debian Security, Chrome Release).

Additional resources

Source: This report was generated using AI

View vulnerable instances

Not a Wiz customer? See which CVEs are exploitable in your environment.

Get a CVE Assessment

8.8

Score

Published July 27, 2022

Severity HIGH

CNA Score N/A

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 36

Exploitation Probability (EPSS) 0.1

Affected packages and libraries

chromium-browser
dev-qt/qtwebengine

Sources

Alpine Security Tracker
- Alpine 3.16 Severity HIGHHas FixAdded at: May 27, 2022
- Alpine 3.17 Severity HIGHHas FixAdded at: Nov 23, 2022
- Alpine 3.18 Severity HIGHHas FixAdded at: May 10, 2023
- Alpine 3.19 Severity HIGHHas FixAdded at: Dec 10, 2023
- Alpine 3.20 Severity HIGHHas FixAdded at: May 26, 2024
- Alpine 3.21 Severity HIGHHas FixAdded at: Dec 08, 2024
- Alpine 3.22 Severity HIGHHas FixAdded at: Jun 01, 2025
- Alpine edge Severity HIGHHas FixAdded at: Jun 19, 2023
Debian Security Tracker
- Debian 9, 10 Severity HIGHNo FixAdded at: May 25, 2022
- Debian 11, 12 Severity HIGHHas FixAdded at: May 25, 2022
- Debian 13 Severity HIGHHas FixAdded at: Jun 11, 2023
- Debian 14 Severity HIGHHas FixAdded at: Aug 10, 2025
Echo
- Echo Severity HIGHHas FixAdded at: Nov 18, 2025
Gentoo Advisory Database
- Gentoo Severity HIGHHas FixAdded at: Aug 14, 2022
Nix
- Nix Severity HIGHHas FixAdded at: May 26, 2024
Ubuntu Security Tracker
- Ubuntu 18.04 Severity MEDIUMHas FixAdded at: May 28, 2022
NVD
- Linux Severity HIGHHas FixAdded at: Aug 03, 2022
- Windows Severity HIGHHas FixAdded at: May 29, 2022