Описание
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 100.0.4896.127-0ubuntu0.18.04.1 |
| devel | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | focal was not-affected [code not present] |
| focal | not-affected | code not present |
| impish | not-affected | code not present |
| jammy | not-affected | code not present |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 100.0.4896.60 |
Показывать по
Ссылки на источники
EPSS
8.1 High
CVSS3
Связанные уязвимости
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.
Chromium: CVE-2022-1130 Insufficient validation of untrusted input in WebOTP
Insufficient validation of trust input in WebOTP in Google Chrome on A ...
Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.
Уязвимость интерфейса WebOTP API браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код
EPSS
8.1 High
CVSS3