CVE-2022-0109: Inappropriate implementation in Autofill

Q: What is the severity of CVE-2022-0109?

CVE-2022-0109 is classified as a medium-severity vulnerability due to its potential to expose sensitive information.

Q: How do I fix CVE-2022-0109?

To fix CVE-2022-0109, update Google Chrome to version 97.0.4692.71 or later.

Q: What kind of attack does CVE-2022-0109 enable?

CVE-2022-0109 enables a remote attacker to obtain potentially sensitive information via a crafted HTML page.

Q: Which versions of Google Chrome are affected by CVE-2022-0109?

CVE-2022-0109 affects Google Chrome versions prior to 97.0.4692.71.

Q: Are there any alternative browsers affected by CVE-2022-0109?

CVE-2022-0109 does not directly affect other browsers but may have implications for applications using Chromium as their engine.

Published Oct 20, 2021

Updated

Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.

Credit

Young Min Kim@@ylemkimon, CompSec Lab at Seoul National University

Affected Software

6 affected componentsFixes available

debian/chromium<=90.0.4430.212-1~deb10u1

116.0.5845.180-1~deb11u1118.0.5993.70-1~deb11u1116.0.5845.180-1~deb12u1118.0.5993.70-1~deb12u1118.0.5993.70-1

Google Chrome<97.0.4692.71

97.0.4692.71

Google Chrome<97.0.4692.71

fedoraproject fedora=34

fedoraproject fedora=35

fedoraproject fedora=36

Remediation

Patch Available

https://crbug.com/1261689

Event History

Oct 20, 2021

CVE Published

12:00 AM

Feb 11, 2022

CVE Published

via MITRE·11:35 PM

Data Sourced

via MITRE·11:35 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

3758141203538733592

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2022-0109?