CVE-2022-0109 Autofill in Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain sensitive information.

Google has patched this vulnerability in the Google Chrome Stable channel. Users are advised to update their installations as soon as possible. Users should also keep a close eye on their Autofill implementation and verify that it is implemented securely. RedTeam Labs’ own research suggests that some implementations are still at risk of a successful attack. We encourage you to implement Autofill securely and responsibly.

What is Autofill?

Autofill is a function that can store data for future use. It is found in most web browsers, and in Google Chrome it is a very useful tool that helps people remember things like addresses and credit card information. Here we discuss how the CVE-2022-0109 vulnerability left Autofill vulnerable to a successful attack.
To exploit this vulnerability, the attacker would need to trick the victim into visiting an attacker-controlled website. This could be accomplished via social engineering or by disguising their own website as something the victim would trust. Once on the site, the victim would have to enter their username and password into fields that are not Autofill enabled. This would then allow the attacker access to all of the saved username/password combinations stored on the victim’s machine by Autofill.

Summary of Google Chrome Autofill Vulnerability

Google Chrome users are advised to update their installations as soon as possible. The vulnerability, CVE-2022-0109, is one of the worst vulnerabilities ever found in Google’s browser. The vulnerability is an “injection attack”: attackers can inject malicious code into a webpage and compromise the Autofill implementation. It’s likely that this vulnerability will be the cause of many attacks from malware creators in the future. It is important that users keep a close eye on their Autofill implementations and ensure they are implemented securely.

Google has released a new version of Chrome

Google has released a new version of Chrome, which patched the vulnerability CVE-2022-0109. This vulnerability was discovered by RedTeam Labs and is related to Autofill in Chrome.
The patch for CVE-2022-0109 was included in Google’s July 2019 update for Chrome, which was pushed out to users on August 1st.
