CVE-2022-2856
In short
Google Chrome on Android failed to properly validate malicious links in app intents, allowing attackers to redirect users to harmful websites through a crafted webpage.
Technical detail
CWE-20 insufficient input validation in Intent handling on Android Chrome prior to 104.0.5112.101 allows remote attackers to bypass intent validation and redirect to arbitrary URLs via crafted HTML, requiring user interaction with the malicious page.
Summary generated and translated by AI from the official description.
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected products
Google · Chrome
References
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
https://crbug.com/1345630
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-2856