CVE-2022-0112: Incorrect security UI in Browser UI

Q: What is the severity of CVE-2022-0112?

CVE-2022-0112 is considered a medium-severity vulnerability due to its potential to mislead users with incorrect URLs.

Q: How do I fix CVE-2022-0112?

To fix CVE-2022-0112, update your Google Chrome or Chromium browser to version 97.0.4692.71 or later.

Q: What systems are affected by CVE-2022-0112?

CVE-2022-0112 affects multiple versions of Google Chrome and Chromium prior to 97.0.4692.71, as well as specific Fedora distributions.

Q: What type of attack does CVE-2022-0112 enable?

CVE-2022-0112 allows a remote attacker to potentially display missing or incorrect URLs, which may lead to phishing attacks.

Q: When was CVE-2022-0112 published?

CVE-2022-0112 was published in January 2022 as part of the regular Chrome security updates.

Published Oct 4, 2021

Updated

Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.

Credit

Thomas Orlita

Affected Software

6 affected componentsFixes available

debian/chromium<=90.0.4430.212-1~deb10u1

116.0.5845.180-1~deb11u1118.0.5993.70-1~deb11u1116.0.5845.180-1~deb12u1118.0.5993.70-1~deb12u1118.0.5993.70-1

Google Chrome<97.0.4692.71

97.0.4692.71

Google Chrome<97.0.4692.71

fedoraproject fedora=34

fedoraproject fedora=35

fedoraproject fedora=36

Remediation

Patch Available

https://crbug.com/1255713

Event History

Oct 4, 2021

CVE Published

12:00 AM

Feb 11, 2022

CVE Published

via MITRE·11:36 PM

Data Sourced

via MITRE·11:36 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

3758141203538733592

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2022-0112?