Vulnerability DatabaseCVE-2022-4922

CVE-2022-4922:
Google Chrome vulnerability analysis and mitigation

Overview

CVE-2022-4922 is a security vulnerability affecting Google Chrome's Blink component prior to version 99.0.4844.51. The vulnerability was discovered by Thomas Orlita on October 19, 2021, and was publicly disclosed in March 2022. This vulnerability allows a remote attacker to perform UI spoofing through a crafted HTML page (Chrome Release).

Technical details

The vulnerability is classified as a Medium severity issue with a CVSS v3.1 base score of 6.5 (MEDIUM). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating that the vulnerability can be exploited remotely with low attack complexity, requires no privileges but does require user interaction, and can result in high impact to integrity (NVD).

Impact

The vulnerability enables an attacker to perform UI spoofing attacks through specially crafted HTML pages, potentially misleading users or manipulating their interaction with the browser interface (Chrome Release).

Mitigation and workarounds

The vulnerability was patched in Google Chrome version 99.0.4844.51. Users are advised to update their Chrome browser to this version or later to mitigate the risk (NVD).

Additional resources

Source: This report was generated using AI

6.5

Score

Published July 29, 2023

Severity MEDIUM

CNA Score N/A

Affected Technologies

Google Chrome
Chromium

Has Public Exploit No

Has CISA KEV Exploit No

CISA KEV Release Date N/A

CISA KEV Due Date N/A

Exploitation Probability Percentile (EPSS) 37.5

Exploitation Probability (EPSS) 0.2

Affected packages and libraries

chromium
cpe:2.3:a:google:chrome

Sources

Debian Security Tracker
- Debian 9, 10 Severity MEDIUMNo FixAdded at: Aug 01, 2023
- Debian 11, 12, 13 Severity MEDIUMHas FixAdded at: Aug 01, 2023
Nix
- Nix Severity MEDIUMHas FixAdded at: May 26, 2024
NVD
- Linux Severity MEDIUMHas FixAdded at: Aug 06, 2023
- Windows Severity MEDIUMHas FixAdded at: Aug 06, 2023