CVE-2022-0097 Inappropriate implementation of DevTools in Chrome prior to 97.0.4692.71 allowed an attacker to escape the sandbox.

CVE-2022-0097 Inappropriate implementation of DevTools in Chrome prior to 97.0.4692.71 allowed an attacker to escape the sandbox.

On systems with the devtools package installed and enabled, an unprivileged user could gain access to information from other sources in the browser via the extension API. An attacker could exploit this by convincing a user to install an extension that allows viewing other sources, for example, a malicious extension that allows viewing sources from Facebook or Google. Note that this issue only affects systems where devtools are enabled by default. It does not affect systems where devtools are not enabled by default. Update your devtools to version 97.0.4689.0 or later as soon as possible. It is also recommended to check your system for any installations of the devtools package and to make sure that devtools are not enabled by default.

CVE-2022-0100

On systems with the devtools package installed and enabled, an unprivileged user with access to the extension API could gain access to information from other sources in the browser. An attacker could exploit this by convincing a user to install an extension that allows viewing other sources, for example, a malicious extension that allows viewing sources from Facebook or Google. Note that this issue only affects systems where devtools are enabled by default. It does not affect systems where devtools are not enabled by default. Update your devtools to version 97.0.4689.0 or later as soon as possible. It is also recommended to check your system for any installations of the devtools package and to make sure that devtools are not enabled by default.

CVSSv3: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS: CVE-2022-0097
Description: An unprivileged user could gain access to information from other sources in the browser via the extension API.
Impact: Critical - Information Disclosure; High - Privilege Escalation; Low - Denial of Service

There are six reasons why digital marketing is important and it is important for your business to invest in digital marketing. By investing in digital, you will help your business grow. You can target your ideal audience by using information like interests or geographic location that can be inputted into your ad campaigns. Your ad campaign will yield a higher conversion rate because you will spend less money while still getting a better result. By focusing on what you know best, you are able to reach the right people with your ads. And by updating your devtools to version 97.0.4689.0 or later as soon as possible, you avoid a vulnerability that allows an attacker to view information from other sources within the browser extension API, which could lead to privilege escalation and information disclosure if exploited by an attacker.

CVE-2021-0096

On systems with the devtools package installed, an unprivileged user could gain access to information from other sources in the browser via the extension API. An attacker could exploit this by convincing a user to install an extension that allows viewing other sources, for example, a malicious extension that allows viewing sources from Facebook or Google. Update your devtools to version 96.0.4348.0 or later as soon as possible. It is also recommended to check your system for any installations of the devtools package and to make sure that devtools are not enabled by default.

CVE-2022-0098

On systems with the devtools package installed and enabled, an unprivileged user could gain access to information from other sources in the browser via the extension API. An attacker could exploit this by convincing a user to install an extension that allows viewing other sources, for example, a malicious extension that allows viewing sources from Facebook or Google. Note that this issue only affects systems where devtools are enabled by default. It does not affect systems where devtools are not enabled by default. Update your devtools to version 97.0.4689.0 or later as soon as possible. It is also recommended to check your system for any installations of the devtools package and to make sure that devtools are not enabled by default.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe