CVE-2022-0117 The bypass in Blink allowed a remote attacker to leak cross-origin data.

This issue was fixed in version 97.0.4692.71. Note: This issue cannot be exploited by users as it requires the ability to open HTML pages. Google credits Kaveh Razavi and Roel Schouwen as the original reporters of this issue.

Google PDF Viewer

In Google Chrome prior to 76.0.4673.5, when viewing a PDF file, if the user accepted the license terms, the browser will open the Adobe Digital Publishing Program license page. Note: This issue does not affect users if they have the Adobe Digital Publishing Program (formerly known as Acrobat Reader) installed. End-users can avoid this issue by not accepting the license terms. This bug was publicly disclosed on October 31, 2017. Google Chrome prior to 76.0.4673.5 included a PDF viewer that would open the Adobe Digital Publishing Program license page when viewing a PDF file.

Fixed in Google Chrome 76.0.4673.6

This issue was fixed in version 76.0.4673.6. Google Chrome 76.0.4673.6 included a PDF viewer that would not open the Adobe Digital Publishing Program license page when viewing a PDF file if the user accepted the license terms at the beginning of the PDF file, as described in CVE-2022-0117.

Vulnerability Summary

A PDF viewer bug was discovered in Google Chrome prior to 76.0.4673.5 that would open the Adobe Digital Publishing Program license page when viewing a PDF file.

Vulnerable Software

Google Chrome prior to 76.0.4673.5 included a PDF viewer that would open the Adobe Digital Publishing Program license page when viewing a PDF file.

Vulnerability anatomy

An attacker who exploited this vulnerability could take control of the affected user's computer. To exploit this issue, an attacker would first need to lure the victim to a website that contains malicious HTML code.
This vulnerability is rated as Critical because users who visit a maliciously crafted website may be at risk of arbitrary code execution in the context of the current user.
Vulnerability Rating: Critical
