CVE-2022-1128 An attacker on the local network segment could leak cross-origin data in Google Chrome on Windows prior to 100.0.4896.60.

Summary

This issue was addressed by restricting data flow across origins. As a general security best practice, applications should avoid transmitting data across origins. Cross-origin transmission is problematic when the data is not sufficiently validated, when the origin is hardcoded, or when the data is sent over an insecure connection such as unencrypted HTTP. In these cases, an attacker could potentially exploit this behaviour to steal data. An application that needs to transmit data between origins must do so using a secure protocol and through an encrypted origin.

CVE-2022-1129

Multiple cross-site scripting vulnerabilities were found in the way OpenSSL handled DTLS messages during an SSL/TLS handshake. A remote attacker could possibly exploit these issues to execute arbitrary script code in a user's browser session.
