Insecure Defaults Affecting chromium package, versions [,101.0.4951.64)
Snyk CVSS
Attack Complexity
High
Threat Intelligence
EPSS
0.13% (48th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UNMANAGED-CHROMIUM-2833550
- published 18 May 2022
- disclosed 18 May 2022
- credit Alesandro Ortiz
Introduced: 18 May 2022
CVE-2022-1637 Open this link in a new tabHow to fix?
Upgrade chromium
to version 101.0.4951.64 or higher.
Overview
Affected versions of this package are vulnerable to Insecure Defaults when using GetOriginalOpener
to get opener's origin on FrameTree initialization. GetOriginalOpener
was used to get the opener, but that function will actually return the main frame of the opener. This means when the FrameTree is opened by a non-main frame, it might inherit the wrong origin.