List: oss-security
Subject: [oss-security] Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001
From: Carlos Alberto Lopez Perez <clopez () igalia ! com>
Date: 2022-01-31 18:49:31
Message-ID: c20a5ac6-ec02-88ea-f6d4-713c93373904 () igalia ! com
On 21/01/2022 16:53, Carlos Alberto Lopez Perez wrote:
> CVE-2022-XXXXX
> Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
> Credit to Martin Bajanik from fingerprintjs.com.
> Impact: A malicious website may exfiltrate data cross-origin.
> Description: A cross-origin issue existed with the IndexedDB. This
> was addressed with improved checking of security origins.
> Notes: There is a public PoC demonstrating this issue at
> https://safarileaks.com so this issue may have been actively
> exploited. We still don't know the CVE number that will be assigned
> to this issue. We will update this advisory once we know it.
The data for the above unknown CVE number is now updated with the info below:
CVE-2022-22594
Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
Credit to Martin Bajanik of fingerprintjs.com.
Impact: A website may be able to track sensitive user information.
Description: A cross-origin issue in the IndexDB API was addressed
with improved input validation.
Notes: There is a public PoC demonstrating this issue at
safarileaks.com so it may have been actively exploited.