VDB
CVE-2022-2861
CVE-2022-2861
PUBLISHED
CVSS 6.5 MEDIUM
Reported by Chrome · Published September 26, 2022
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.101 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts into WebUI via a crafted HTML page.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | unspecified | |
| Chrome | * |
Timeline
- Aug 25, 2022 CVE Published
- Sep 27, 2022 EPSS Score
- Nov 11, 2022 EPSS Score
- Dec 25, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 24, 2023 EPSS Score
- May 8, 2023 EPSS Score
- Jun 21, 2023 EPSS Score
- Aug 5, 2023 EPSS Score
- Sep 18, 2023 EPSS Score
- Nov 2, 2023 EPSS Score
References
- x_refsource_MISC
- x_refsource_MISC
- FEDORA-2022-3f28aa88cf vendor-advisoryx_refsource_FEDORA