CVE-2022-0803 An attacker in earlier versions of Chrome could tamper with the Omnibox by crafting a page.

This issue has been fixed in the latest version of Google Chrome. Incorrect implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. This issue was fixed in Google Chrome 49.0.2423.90. Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. This issue was fixed in Google Chrome 49.0.2423.90. CVE-2018-6132 Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2018-6133 Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2018-6134 Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page.

CVE-2018-6135 Inappropriate implementation in Per

How to exploit the vulnerability?

The vulnerability can be exploited by tricking the user into visiting a malicious webpage and if the user is logged into Chrome, the attacker could then read information from the Omnibox. It can also be exploited by tricking the user into installing a malicious extension.

Timeline

Published on: 04/05/2022 01:15:00 UTC
Last modified on: 08/15/2022 11:15:00 UTC

References

• https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
• https://crbug.com/1280233
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0803