Sensitive Cookie with Improper SameSite Attribute
CVE-2022-4926
Summary
Insufficient policy enforcement in Intents in Google Chrome on Android versions prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-1275 - Sensitive Cookie with Improper SameSite Attribute
The SameSite attribute for sensitive cookies is not set, or an insecure value is used.
References
Advisory Timeline
- Published
