CVE-2022-0108
First published: Sat Feb 12 2022(Updated: )
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Credit: chrome-cve-admin@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple watchOS | <9.3 | 9.3 |
| Apple tvOS | <16.3 | 16.3 |
| <13.2 | 13.2 | |
| Apple iOS | <16.3 | 16.3 |
| Apple iPadOS | <16.3 | 16.3 |
| Apple Safari | <16.3 | 16.3 |
| Google Chrome | <97.0.4692.71 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| debian/chromium | <=90.0.4430.212-1~deb10u1 | 116.0.5845.180-1~deb11u1 118.0.5993.117-1~deb11u1 116.0.5845.180-1~deb12u1 118.0.5993.117-1~deb12u1 118.0.5993.117-1 119.0.6045.105-1 |
| debian/webkit2gtk | <=2.36.4-1~deb10u1 | 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2 |
| debian/wpewebkit | 2.38.6-1~deb11u1 2.38.6-1 2.42.1-1 | |
| ubuntu/chromium-browser | <97.0.4692.71-0ubuntu0.18.04.1 | 97.0.4692.71-0ubuntu0.18.04.1 |
| ubuntu/webkit2gtk | <2.38.6-0ubuntu0.20.04.1 | 2.38.6-0ubuntu0.20.04.1 |
| ubuntu/webkit2gtk | <2.38.6-0ubuntu0.22.04.1 | 2.38.6-0ubuntu0.22.04.1 |
| ubuntu/webkit2gtk | <2.38.6-0ubuntu0.22.10.1 | 2.38.6-0ubuntu0.22.10.1 |
| ubuntu/webkit2gtk | <2.40.1-0ubuntu0.23.04.1 | 2.40.1-0ubuntu0.23.04.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT213599 (Advisory)
- https://support.apple.com/en-us/HT213601 (Advisory)
- https://support.apple.com/en-us/HT213605 (Advisory)
- https://support.apple.com/en-us/HT213606 (Advisory)
- https://support.apple.com/en-us/HT213638 (Advisory)
- https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html
- https://crbug.com/1248444
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QL5OGMSHRQ26FTYWZUXVNWB2VHOSVXK/
- http://www.openwall.com/lists/oss-security/2023/04/21/3
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OKKVEUQAAGH3NHMX3WHWKRPYU4QFKTQ/
- https://www.debian.org/security/2023/dsa-5396
- https://www.debian.org/security/2023/dsa-5397
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KC7DMUX37BRCLAI4VPQYHDUVEGTNYN5A/
- https://launchpad.net/bugs/cve/CVE-2022-0108
- https://lists.debian.org/debian-lts-announce/2023/05/msg00011.html
- https://webkitgtk.org/security/WSA-2023-0003.html
- https://security-tracker.debian.org/tracker/CVE-2022-0108
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0108
- https://ubuntu.com/security/notices/USN-6061-1
- https://nvd.nist.gov/vuln/detail/CVE-2022-0108
- https://ubuntu.com/security/CVE-2022-0108
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2023-32438
- CVE-2023-23499
- CVE-2023-23520
- CVE-2023-41990
- CVE-2023-23519
- CVE-2023-23500
- CVE-2023-23502
- CVE-2023-23504
- CVE-2023-23503
- CVE-2023-23512
- CVE-2023-23505
- CVE-2023-23511
- CVE-2023-32393
- CVE-2022-0108
- CVE-2023-23496
- CVE-2023-23518
- CVE-2023-23517
- CVE-2022-42915
- CVE-2022-42916
- CVE-2022-32221
- CVE-2022-35260
- CVE-2023-23539
- CVE-2023-23513
- CVE-2023-23493
- CVE-2023-23530
- CVE-2023-23531
- CVE-2023-23507
- CVE-2023-23516
- CVE-2023-23506
- CVE-2023-23498
- CVE-2023-28208
- CVE-2023-23497
- CVE-2023-23510
- CVE-2022-3705
- CVE-2023-23501
- CVE-2023-23508
- CVE-2023-23529
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-0108.
What is the title of the vulnerability?
The title of the vulnerability is WebKit.
What is the description of the vulnerability?
The vulnerability is related to inappropriate implementation in Navigation in Google Chrome prior to version 97.0.4692.71, allowing a remote attacker to leak cross-origin data via a crafted HTML page.
What software are affected by this vulnerability?
The following software are affected by this vulnerability: Apple Safari up to version 16.3, Ubuntu Chromium Browser up to version 97.0.4692.71-0ubuntu0.18.04.1, Ubuntu Webkit2gtk up to version 2.38.6-0ubuntu0.20.04.1, Ubuntu Webkit2gtk up to version 2.38.6-0ubuntu0.22.04.1, Ubuntu Webkit2gtk up to version 2.38.6-0ubuntu0.22.10.1, Ubuntu Webkit2gtk up to version 2.40.1-0ubuntu0.23.04.1, Debian Chromium up to version 90.0.4430.212-1~deb10u1, Debian Webkit2gtk up to version 2.36.4-1~deb10u1, Debian Webkit2gtk up to version 2.38.5-1~deb11u1, Debian Wpewebkit up to version 2.38.5-1~deb11u1, Apple watchOS up to version 9.3, Apple tvOS up to version 16.3, Apple macOS Ventura up to version 13.2, Apple iOS up to version 16.3, and Apple iPadOS up to version 16.3.
What is the severity of this vulnerability?
The severity of this vulnerability is not mentioned.
Is there a fix available for this vulnerability?
Yes, the fix for this vulnerability is available in Apple Safari version 16.3, Ubuntu Chromium Browser version 97.0.4692.71-0ubuntu0.18.04.1, Ubuntu Webkit2gtk version 2.38.6-0ubuntu0.20.04.1, Ubuntu Webkit2gtk version 2.38.6-0ubuntu0.22.04.1, Ubuntu Webkit2gtk version 2.38.6-0ubuntu0.22.10.1, Ubuntu Webkit2gtk version 2.40.1-0ubuntu0.23.04.1, Debian Chromium version 90.0.4430.212-1~deb10u1, Debian Webkit2gtk version 2.36.4-1~deb10u1, Debian Webkit2gtk version 2.38.5-1~deb11u1, Debian Wpewebkit version 2.38.5-1~deb11u1, Apple watchOS version 9.3, Apple tvOS version 16.3, Apple macOS Ventura version 13.2, Apple iOS version 16.3, and Apple iPadOS version 16.3.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/apple-support
- source/Apple
- agent/software-canonical-lookup-request
- agent/software-canonical-lookup
- collector/launchpad-cve
- collector/nvd-cve
- collector/nvd-index
- collector/security-tracker-debian
- collector/usn-cve
- vendor/apple
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple macos ventura
- canonical/apple ios
- canonical/apple ipados
- canonical/apple safari
- vendor/google
- canonical/google chrome
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- package-manager/debian
- package-manager/ubuntu