This issue was fixed in version 108.0.5359.81. In Google Chrome prior to 108.0.5359.71, an attacker could convince a user to install a malicious extension via a malicious website by bypassing navigation restrictions. This issue was fixed by improving the enforcement of extension installation policy in Google Chrome. Chrome updates are available for Windows, Mac, and Linux.

Google Chrome Security Updates

Google has released a Chrome update to fix a security issue that could have been exploited by malicious websites. The update resolves a vulnerability in which an attacker could convince a user to install a malicious extension via a malicious website by bypassing navigation restrictions. This issue was fixed by improving the enforcement of extension installation policy in Google Chrome. Google Chrome updates for Windows, Mac, and Linux have been released.

Google Chrome versions affected

Google Chrome prior to 108.0.5359.71 is affected by this issue.

Google Chrome Prior to 108.0.5359.71

Google Chrome prior to 108.0.5359.71 had a vulnerability that could be exploited by malicious websites to convince a user to install an extension without their permission. An attacker could convince the user to install the extension by bypassing navigation restrictions.
The issue was fixed by improving the enforcement of extension installation policy in Google Chrome. Chrome updates for Windows, Mac, and Linux were released on December 21, 2016. The update was pushed out automatically, or you can download it from chrome://extensions/.

Other version numbers

Version 108.0.5359.81 of Chrome fixes CVE-2022-4189, a vulnerability in which malicious extensions could bypass the navigation restrictions imposed by Google Chrome.

Timeline

Published on: 11/30/2022 00:15:00 UTC
Last modified on: 12/01/2022 23:29:00 UTC
