CVE-2022-0110: Incorrect security UI in Autofill
Published Aug 6, 2021
·Updated
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Credit
Alesandro Ortiz
Affected Software
6 affected componentsFixes available
debian/chromium<=90.0.4430.212-1~deb10u1
116.0.5845.180-1~deb11u1118.0.5993.70-1~deb11u1116.0.5845.180-1~deb12u1118.0.5993.70-1~deb12u1118.0.5993.70-1
Google Chrome<97.0.4692.71
97.0.4692.71
Google Chrome<97.0.4692.71
fedoraproject fedora=34
fedoraproject fedora=35
fedoraproject fedora=36
Event History
Aug 6, 2021
CVE Published
12:00 AM
Feb 11, 2022
CVE Published
via MITRE·11:35 PM
Data Sourced
via MITRE·11:35 PM
DescriptionWeakness
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2022-0096
- CVE-2022-0097
- CVE-2022-0098
- CVE-2022-0099
- CVE-2022-0100
- CVE-2022-0101
- CVE-2022-0337
- CVE-2022-0102
- CVE-2022-0103
- CVE-2022-4924
- CVE-2022-0104
- CVE-2022-0105
- CVE-2022-0106
- CVE-2022-0107
- CVE-2022-0108
- CVE-2022-0109
- CVE-2022-0111
- CVE-2022-0112
- CVE-2022-0113
- CVE-2022-0114
- CVE-2022-0115
- CVE-2022-0116
- CVE-2022-0117
- CVE-2022-0118
- CVE-2022-0120
- CVE-2022-4925
Frequently Asked Questions
1
What is the severity of CVE-2022-0110?
CVE-2022-0110 has a medium severity rating due to its potential for user interface spoofing in Google Chrome.
2
How do I fix CVE-2022-0110?
To remediate CVE-2022-0110, upgrade your Google Chrome browser to version 97.0.4692.71 or later.
3
Which versions of Chrome are affected by CVE-2022-0110?
All versions of Google Chrome prior to 97.0.4692.71 are affected by CVE-2022-0110.
4
What impact does CVE-2022-0110 have on users?
CVE-2022-0110 allows remote attackers to spoof the URL seen in the Omnibox, potentially misleading users.
5
Is there a workaround for CVE-2022-0110?
There are no known workarounds for CVE-2022-0110; upgrading to the fixed version is the recommended action.