CVE-2022-1129 Inappropriate implementation in Google Chrome on Android before 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox.

This issue was addressed by disabling Full Screen in Google Chrome on Android prior to version 100.0.4896.60. Google Chrome prior to version 100.0.4896.60 on Android incorrectly implemented Full Screen support, which allowed remote attackers to spoof the contents of the Omnibox via a crafted HTML page. This issue was addressed by implementing the WebKit Fullscreen API in a more secure manner.

Google Chrome prior to version 100.0.4896.60 on Android incorrectly implemented Full Screen support, which allowed remote attackers to spoof the contents of the Omnibox via a crafted HTML page. This issue was addressed by implementing the WebKit Fullscreen API in a more secure manner. CVE-2018-6451: Insufficient input validation in PDF viewer extension API in Google Chrome prior to version 68.0.3440.75 allowed a remote attacker to perform cross-origin data in an unsafe way via a crafted PDF file.

CVE-2018-6452: Insufficient validation of user-supplied input in PDF viewer extension API in Google Chrome prior to version 68.0.3440.75 allowed a remote attacker to perform cross-origin data in an unsafe way via a crafted PDF file.

CVE-2018-6453: Insufficient validation of user-supplied input in PDF viewer extension API in Google Chrome prior to version 68.0.3440.75 allowed a remote attacker to perform cross-origin data in an unsafe

There are 4 peak performances of the vulnerabilities

There are 4 peak performances of the vulnerabilities in Google Chrome. The first was on 19th of March 2018, the second was on 20th of May 2018, the third was on 25th of May 2018, and the fourth one was on 10th of June 2018.

Multi-Column Turn of Scrolling Contents

In the last few years, scrolling has been a significant part of the mobile web experience. With responsive design and fluid layouts, native applications have become easier to navigate with touchscreens. With this added functionality, we have also seen an increase in malicious activity that target these types of websites.

Timeline

Published on: 07/23/2022 00:15:00 UTC
Last modified on: 08/15/2022 11:16:00 UTC

References

• https://crbug.com/1300253
• https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html
• https://security.gentoo.org/glsa/202208-25
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1129