Search for vulnerabilities
Vulnerability details: VCID-8j41-gfww-aaap
Vulnerability ID VCID-8j41-gfww-aaap
Aliases CVE-2022-2856
Summary Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 104.0.5112.101 allowed a remote attacker to arbitrarily browse to a malicious website via a crafted HTML page.
Status Published
Exploitability 2.0
Weighted Severity 5.9
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
epss 0.01792 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01792 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01792 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01792 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01792 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01792 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01888 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01888 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01888 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01888 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01888 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01888 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.01888 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02081 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02081 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02364 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02908 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02908 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02908 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02908 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02908 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02908 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02908 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.02941 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03079 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03079 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03079 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03079 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03079 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03079 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03459 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.03744 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.11372 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.11372 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
epss 0.11372 https://api.first.org/data/v1/epss?cve=CVE-2022-2856
cvssv3 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2856
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-2856
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2022-2856
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
https://crbug.com/1345630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2856
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2998
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T4NMJURTG5RO3TGD7ZMIQ6Z4ZZ3SAVYE/
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
CVE-2022-2856 https://nvd.nist.gov/vuln/detail/CVE-2022-2856
Data source KEV
Date added Aug. 18, 2022
Description Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Required action Apply updates per vendor instructions.
Due date Sept. 8, 2022
Note 
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-2856
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2856
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2022-2856
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.81131
EPSS Score 0.01792
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.