CVE-2022-3047

Medium

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to…

Chrome·NVD-CWE-Other·Published 2022-09-26

CVSS

6.5

EPSS

0.00

KEV

Exploits

Vendor statements (2)

cve.orgen

215 chars

Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page.

NVDes

272 chars

Una aplicación insuficiente de políticas en Extensions API en Google Chrome versiones anteriores a 105.0.5195.52, permitía a un atacante que convenciera a un usuario de instalar una extensión maliciosa omitir la política de descargas por medio de una página HTML diseñada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
3.1	Primary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
3.1	Primary	cve.org	6.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
3.1	Secondary	NVD	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N