Google Chrome Android <104.0.5112.101: Intents Allow Arbitrary Site Nav
CVE-2022-2856 Published on September 26, 2022
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
Known Exploited Vulnerability
This Google Chrome Intents Insufficient Input Validation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Google Chrome Intents allows for insufficient validation of untrusted input, causing unknown impacts. CISA will update this description if more information becomes available.
The following remediation steps are recommended / required by September 8, 2022: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2022-2856 is exploitable with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Weakness Type
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2022-2856
stack.watch emails you whenever new vulnerabilities are published in Fedora Project Fedora or Google Chrome. Just hit a watch button to start following.
Affected Versions
Google Chrome:- Version unspecified and below 104.0.5112.101 is affected.
- Before 104.0.5112.101 is affected.
- Version 37 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.