Homepage
About Snyk

Insecure Defaults Affecting chromium package, versions [,101.0.4951.64)

0.0
medium

Snyk CVSS

    Attack Complexity High

    Threat Intelligence

    EPSS 0.13% (48th percentile)
Expand this section
NVD
4.3 medium

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-UNMANAGED-CHROMIUM-2833550
  • published 18 May 2022
  • disclosed 18 May 2022
  • credit Alesandro Ortiz
Report a new vulnerability Found a mistake?

Introduced: 18 May 2022

CVE-2022-1637 Open this link in a new tab
CWE-453 Open this link in a new tab

How to fix?

Upgrade chromium to version 101.0.4951.64 or higher.

Overview

Affected versions of this package are vulnerable to Insecure Defaults when using GetOriginalOpener to get opener's origin on FrameTree initialization. GetOriginalOpener was used to get the opener, but that function will actually return the main frame of the opener. This means when the FrameTree is opened by a non-main frame, it might inherit the wrong origin.