CVE-2022-0802 Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox.

CVE-2022-0802 Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox.

This issue was addressed by disabling Full screen mode by default. Insecure handling of cookies in the HTTP protocol in Google V8 5.0 and 5.0.1 allowed attackers to obtain access to restricted content via a malicious web site. This issue was addressed by changing the way cookies are wiped out by the browser. Insecure handling of user input in WebView components in Google Chrome prior to version 99 allowed a remote attacker to perform cross-origin page redirection and steal data via a crafted HTML page. This issue was addressed by enforcing strict restrictions on the origin of HTML pages that are loaded into WebView components. Modification of system settings in Google Chrome prior to version 99 caused changes to be saved without being immediately visible. An attacker could exploit this to prevent changes from being immediately visible, causing the user interface to appear garbled or corrupted. This issue was fixed by updating the layout of the user interface for setting preferences. Insecure handling of user input in Google Chrome prior to version 99 caused cross-origin page redirection and data theft via a malicious web site. This issue was addressed by changing the way redirection is handled. Insecure handling of user input in Google Chrome prior to version 99 caused cross-origin page redirection and data theft via a malicious web site. This issue was addressed by changing the way redirection is handled

Google Chrome version 99

Google Chrome version 99 has been released. The most significant changes in version 99 are:
- Added the new method of sending notifications. This allows you to send notification requests to apps on your device, such as alarms, events, and reminders.  - Moved the location bar to be under the omnibox in Chrome's address bar.  - Added a new design for tabs that makes them easier to distinguish from each other. - Made it easier for users to access different tabs when a webpage is loading or paused by making it possible to open multiple browser windows at once using Ctrl+N (Windows) or Command+N (Mac).  - Added a new key that allows you to search text within your current tab.

Information disclosure in the V8 JavaScript engine

CVE-2022-0802
An issue was discovered in the V8 JavaScript engine in Google Chrome before 65. The HTML parser incorrectly allowed scripts to run in an unrestricted scope when later scripts would have expected a restricted one. This issue was addressed by changing the HTML parser to handle scopes consistently.

Vulnerability Scenario

A researcher found a bug in the way Google Chrome handles cookies. A malicious web site could exploit this to steal information from the user.

Updates for version span style="color: #ff0000;"

Chrome version 86.0.3282.80 was released on December 18, 2018

How to Outsource SEO Correctly & Avoid the 5 Most Common Mistakes

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe