Описание
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 105.0.5195.102-0ubuntu0.18.04.1 |
| devel | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/focal | DNE | focal was not-affected [code not present] |
| focal | not-affected | code not present |
| jammy | not-affected | code not present |
| kinetic | not-affected | code not present |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 105.0.5195.52 |
Показывать по
Ссылки на источники
6.5 Medium
CVSS3
Связанные уязвимости
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
Chromium: CVE-2022-3047 Insufficient policy enforcement in Extensions API
Insufficient policy enforcement in Extensions API in Google Chrome pri ...
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.
Уязвимость компонента Extensions API браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю обойти существующие ограничения безопасности
6.5 Medium
CVSS3