CVE-2022-0117: Policy bypass in Service Workers

Q: What is the severity of CVE-2022-0117?

CVE-2022-0117 is considered a medium severity vulnerability that allows cross-origin data leakage.

Q: How do I fix CVE-2022-0117?

To fix CVE-2022-0117, update Google Chrome to version 97.0.4692.71 or later.

Q: Who is affected by CVE-2022-0117?

CVE-2022-0117 affects versions of Google Chrome prior to 97.0.4692.71 and specific versions of Chromium on Debian.

Q: What causes CVE-2022-0117?

CVE-2022-0117 is caused by a policy bypass in the Blink rendering engine in Google Chrome.

Q: How was CVE-2022-0117 discovered?

CVE-2022-0117 was discovered as a result of vulnerability reporting and analysis by security researchers.

Published Aug 13, 2020

Updated

Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Credit

Dongsung Kim@@kid1ng

Affected Software

6 affected componentsFixes available

debian/chromium<=90.0.4430.212-1~deb10u1

116.0.5845.180-1~deb11u1118.0.5993.70-1~deb11u1116.0.5845.180-1~deb12u1118.0.5993.70-1~deb12u1118.0.5993.70-1

Google Chrome<97.0.4692.71

97.0.4692.71

Google Chrome<97.0.4692.71

fedoraproject fedora=34

fedoraproject fedora=35

fedoraproject fedora=36

Remediation

Patch Available

https://crbug.com/1115847

Event History

Aug 13, 2020

CVE Published

12:00 AM

Feb 11, 2022

CVE Published

via MITRE·11:36 PM

Data Sourced

via MITRE·11:36 PM

DescriptionWeakness

Parent advisories

This vulnerability appears in the following advisories.

3758141203538733592

Peer vulnerabilities

Found alongside the following vulnerabilities.

Frequently Asked Questions

What is the severity of CVE-2022-0117?