CVE-2022-1309 Malicious code could be run in a sandbox escape in Google Chrome prior to 100.0.4896.88.

CVE-2022-1309 Malicious code could be run in a sandbox escape in Google Chrome prior to 100.0.4896.88.

This issue was addressed by improved sandboxing of data access in Chrome. In addition, app developers are advised to consider updating their application to one of the patched versions as soon as possible. Insecure extract/load of data via file: protocol introduced in Google Docs prior to 5.0.14 allowed a remote attacker to obtain sensitive information via a crafted file attachment sent to the victim via email.

End-users are advised to review all file attachments sent via email and determine if they are really needed for the intended purpose. Insecure data access in Google Sheets prior to 5.0.14 allowed a remote attacker to obtain sensitive information via a crafted file attachment sent to the victim via email.

End-users are advised to review all file attachments sent via email and determine if they are really needed for the intended purpose. Incorrect access control in Google Sheets prior to 5.0.14 allowed a remote attacker to obtain sensitive information via a crafted file attachment sent to the victim via email.

End-users are advised to review all file attachments sent via email and determine if they are really needed for the intended purpose. Insecure data access in Google Docs prior to 5.0.14 allowed a remote attacker to obtain sensitive information via a crafted file attachment sent to the victim via email.

End-users are advised to review all file attachments sent via email and determine if they are really needed for the intended purpose.

Vulnerability Scenario

A typical scenario of this vulnerability is an attacker sending an email containing a malicious attachment. The attacker would not have to be in the same network as the victim to exploit this vulnerability.

Chrome Browser

Chrome 45 has been scheduled to be released on November 3rd, 2015.

Mitigation tactics

Users are advised that they should ensure that the email attachment contains a file from the sender, and not from an unknown source. Users should also review all file attachments sent via email to determine if they are really needed for the intended purpose.

What is Google Sheets?

Google Sheets is a spreadsheet application that allows users to create and share spreadsheets with friends, colleagues, or the general public.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe