CVE-2022-0108: Inappropriate implementation in Navigation

Published Sep 10, 2021
·
Updated

An inappropriate implementation flaw was found in the Navigation component of the Chromium browser.

Upstream bug(s):

https://code.google.com/p/chromium/issues/detail?id=1248444

External References:

https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html

Other sources

Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

WebKit. This issue was addressed with improved iframe sandbox enforcement.

Apple

Credit

Luan Herrera@@lbherrera_

Affected Software

20 affected componentsFixes available
ubuntu/chromium-browser<97.0.4692.71-0ubuntu0.18.04.1
97.0.4692.71-0ubuntu0.18.04.1
ubuntu/webkit2gtk<2.38.6-0ubuntu0.20.04.1
2.38.6-0ubuntu0.20.04.1
ubuntu/webkit2gtk<2.38.6-0ubuntu0.22.04.1
2.38.6-0ubuntu0.22.04.1
ubuntu/webkit2gtk<2.38.6-0ubuntu0.22.10.1
2.38.6-0ubuntu0.22.10.1
ubuntu/webkit2gtk<2.40.1-0ubuntu0.23.04.1
2.40.1-0ubuntu0.23.04.1
debian/chromium<=90.0.4430.212-1~deb10u1
116.0.5845.180-1~deb11u1118.0.5993.117-1~deb11u1116.0.5845.180-1~deb12u1118.0.5993.117-1~deb12u1118.0.5993.117-1119.0.6045.105-1
debian/webkit2gtk<=2.36.4-1~deb10u1
2.38.6-0+deb10u12.40.5-1~deb11u12.42.1-1~deb11u22.40.5-1~deb12u12.42.1-1~deb12u12.42.1-2
debian/wpewebkit
2.38.6-1~deb11u12.38.6-12.42.1-1
Apple tvOS<16.3
16.3
Apple WatchOS<9.3
9.3
Apple macOS Ventura<13.2
13.2
Google Chrome<97.0.4692.71
97.0.4692.71
Apple Safari<16.3
16.3
Google Chrome<97.0.4692.71
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Fedoraproject Fedora=36
Apple iOS<16.3
16.3
Apple iPadOS<16.3
16.3
redhat/chromium-browser<97.0.4692.71
97.0.4692.71

Remediation

Patch Available

https://crbug.com/1248444

Event History

Sep 10, 2021
CVE Published
12:00 AM
Jan 5, 2022
Data Sourced
via Red Hat·05:19 PM
DescriptionSeverityAffected Software
Feb 11, 2022
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
DescriptionWeakness
May 9, 2023
Data Sourced
09:25 AM
Description

Parent advisories

This vulnerability appears in the following advisories.

Peer vulnerabilities

Found alongside the following vulnerabilities.

Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the vulnerability ID?

The vulnerability ID is CVE-2022-0108.

2

What is the title of the vulnerability?

The title of the vulnerability is WebKit.

3

What is the description of the vulnerability?

The vulnerability is related to inappropriate implementation in Navigation in Google Chrome prior to version 97.0.4692.71, allowing a remote attacker to leak cross-origin data via a crafted HTML page.

4

What software are affected by this vulnerability?

The following software are affected by this vulnerability: Apple Safari up to version 16.3, Ubuntu Chromium Browser up to version 97.0.4692.71-0ubuntu0.18.04.1, Ubuntu Webkit2gtk up to version 2.38.6-0ubuntu0.20.04.1, Ubuntu Webkit2gtk up to version 2.38.6-0ubuntu0.22.04.1, Ubuntu Webkit2gtk up to version 2.38.6-0ubuntu0.22.10.1, Ubuntu Webkit2gtk up to version 2.40.1-0ubuntu0.23.04.1, Debian Chromium up to version 90.0.4430.212-1~deb10u1, Debian Webkit2gtk up to version 2.36.4-1~deb10u1, Debian Webkit2gtk up to version 2.38.5-1~deb11u1, Debian Wpewebkit up to version 2.38.5-1~deb11u1, Apple watchOS up to version 9.3, Apple tvOS up to version 16.3, Apple macOS Ventura up to version 13.2, Apple iOS up to version 16.3, and Apple iPadOS up to version 16.3.

5

What is the severity of this vulnerability?

The severity of this vulnerability is not mentioned.

6

Is there a fix available for this vulnerability?

Yes, the fix for this vulnerability is available in Apple Safari version 16.3, Ubuntu Chromium Browser version 97.0.4692.71-0ubuntu0.18.04.1, Ubuntu Webkit2gtk version 2.38.6-0ubuntu0.20.04.1, Ubuntu Webkit2gtk version 2.38.6-0ubuntu0.22.04.1, Ubuntu Webkit2gtk version 2.38.6-0ubuntu0.22.10.1, Ubuntu Webkit2gtk version 2.40.1-0ubuntu0.23.04.1, Debian Chromium version 90.0.4430.212-1~deb10u1, Debian Webkit2gtk version 2.36.4-1~deb10u1, Debian Webkit2gtk version 2.38.5-1~deb11u1, Debian Wpewebkit version 2.38.5-1~deb11u1, Apple watchOS version 9.3, Apple tvOS version 16.3, Apple macOS Ventura version 13.2, Apple iOS version 16.3, and Apple iPadOS version 16.3.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203
CVE-2022-0108 - Inappropriate implementation in Navigation - SecAlerts