Re: WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001

Related Vulnerabilities: CVE-2022-22594  
                							

oss-sec
mailing list archives

From: Carlos Alberto Lopez Perez <clopez () igalia com>

Date: Mon, 31 Jan 2022 18:49:31 +0000

On 21/01/2022 16:53, Carlos Alberto Lopez Perez wrote:
> CVE-2022-XXXXX
>     Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
>     Credit to Martin Bajanik from fingerprintjs.com.
>     Impact: A malicious website may exfiltrate data cross-origin.
>     Description: A cross-origin issue existed with the IndexedDB. This
>     was addressed with improved checking of security origins.
>     Notes: There is a public PoC demonstrating this issue at
>     https://safarileaks.com so this issue may have been actively
>     exploited. We still don't know the CVE number that will be assigned
>     to this issue. We will update this advisory once we know it.

The data for the above unknown CVE number is now updated with the info below:

CVE-2022-22594
    Versions affected: WebKitGTK and WPE WebKit before 2.34.4.
    Credit to Martin Bajanik of fingerprintjs.com.
    Impact: A website may be able to track sensitive user information.
    Description: A cross-origin issue in the IndexDB API was addressed
    with improved input validation.
    Notes: There is a public PoC demonstrating this issue at
    safarileaks.com so it may have been actively exploited.
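
Added example, not part of the original message or of the WebKitGTK project: a shell check that compares locally installed WebKitGTK / WPE WebKit versions against the fixed release 2.34.4 named in the advisory. The pkg-config module list and the function names are assumptions, and `sort -V` (GNU coreutils or BusyBox) is assumed to be available.

```shell
#!/bin/sh
# Added example: flag WebKitGTK / WPE WebKit builds older than the fixed release.
FIXED_VERSION="2.34.4"   # from the advisory: versions before 2.34.4 are affected

# version_lt A B: succeed when dotted version A sorts strictly before B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    first=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$first" = "$1" ]
}

# classify_version VERSION: print "affected", "fixed" or "unknown".
classify_version() {
    case "$1" in
        ''|*[!0-9.]*) echo "unknown"; return 0 ;;   # not a plain dotted version
    esac
    if version_lt "$1" "$FIXED_VERSION"; then
        echo "affected"
    else
        echo "fixed"
    fi
}

# audit_modules: ask pkg-config for each module and report its status.
# The module names are an assumed list; adjust to the API versions your
# distribution ships. The .pc files usually come with the development
# packages, so a missing module does not prove the library is absent.
audit_modules() {
    for mod in webkit2gtk-4.0 webkit2gtk-4.1 wpe-webkit-1.0 wpe-webkit-1.1; do
        ver=$(pkg-config --modversion "$mod" 2>/dev/null) || continue
        printf '%s %s %s\n' "$mod" "$ver" "$(classify_version "$ver")"
    done
}

audit_modules
```

Distribution packages may backport the fix without changing the upstream version number, so an "affected" result should be confirmed against the distribution's own advisory.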
