CVE-2022-0291 Inappropriate implementation in Chrome prior to v97 allowed a remote attacker to bypass site isolation.

This issue was fixed in the following versions:

Google Chrome 97.0.4692.0

Google Chrome 96.0.4079.5

Google Chrome 96.0.4068.0

Google Chrome 96.0.4062.0

Google Chrome 96.0.4055.0

Google Chrome 96.0.4053.0

Google Chrome 96.0.4049.0

Google Chrome 96.0.4045.0

Google Chrome 96.0.4041.0
Concurrent mal-implementation in Blink in Google Chrome prior to 96.0.4038.0 allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

Concurrent mal-implementation in Web Workers in Google Chrome prior to 96.0.4038.0 allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.

Google Chrome  96.0.4038.0

A remote attacker can bypass the Same Origin Policy via a crafted HTML page.

This issue was fixed in version 96.0.4038.0.

Versions Affected

Google Chrome 97.0.4692.0
Google Chrome 96.0.4079.5
Google Chrome 96.0.4068.0
Google Chrome 96.0.4062.0
Google Chrome 96.0.4055.0
Google Chrome 96.0.4053.0
Google Chrome 96.0.4049
Google Chrome 96   . 0 . 4045 . 0
Google Chrome 96   . 0 . 4041 . 0

Google Chrome 96.0.4038.0 (stable) 96.0.4038.0 (dev)

Timeline

Published on: 02/12/2022 02:15:00 UTC
Last modified on: 02/22/2022 16:20:00 UTC

References

• https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html
• https://crbug.com/1281084
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0291