CVE-2022-1873
vulnerability analysis and mitigation

Overview

Insufficient policy enforcement in Cross-Origin Opener Policy (COOP) in Google Chrome prior to version 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page (NVD, Chrome Releases).

Technical details

The vulnerability was discovered and reported by NDevTK on March 11, 2022. It received a CVSS 3.1 base score of 6.5 (Medium), with the following characteristics: Network attack vector, Low attack complexity, No privileges required, User interaction required, Unchanged scope, High confidentiality impact, and No impact on integrity or availability (Ubuntu Security).

Impact

The vulnerability could allow attackers to leak cross-origin data, potentially compromising sensitive information from different origins within the browser. The high confidentiality impact rating indicates significant potential for unauthorized information disclosure (Ubuntu Security).

Mitigation and workarounds

Google addressed this vulnerability in Chrome version 102.0.5005.61. The fix was released with a bounty reward of $2,000 to the reporter. Users and administrators should ensure their Chrome installations are updated to this version or later (Chrome Releases).

This report was generated using AI.