Vulnerabilities > CVE-2022-28226 - Exposure of Resource to Wrong Sphere vulnerability in Yandex Browser

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

yandex

CWE-668

NVD

Published: 2022-06-15

Updated: 2023-08-08

Summary

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.

Vulnerable Configurations

Part	Description	Count
Application	Yandex Yandex Yandex Browser - Yandex Yandex Browser 15.2.2214.3645 Yandex Yandex Browser 15.4.2272.3429 Yandex Yandex Browser 15.6.2311.5029 Yandex Yandex Browser 15.10 Yandex Yandex Browser 15.10.2454.3845 Yandex Yandex Browser 15.12 Yandex Yandex Browser 15.12.0 Yandex Yandex Browser 15.12.0.6151 Yandex Yandex Browser 15.12.1.6475 Yandex Yandex Browser 16.2 Yandex Yandex Browser 16.2.0.3539 Yandex Yandex Browser 16.4.0.9335 Yandex Yandex Browser 16.4.0.9404 Yandex Yandex Browser 16.6 Yandex Yandex Browser 16.6.0.8810 Yandex Yandex Browser 16.6.1.9652 Yandex Yandex Browser 16.6.1.30165 Yandex Yandex Browser 16.7.0 Yandex Yandex Browser 16.7.0.2777 Yandex Yandex Browser 16.7.0.3342 Yandex Yandex Browser 16.7.1.2912 Yandex Yandex Browser 16.7.1.20808 Yandex Yandex Browser 16.9 Yandex Yandex Browser 16.9.0 Yandex Yandex Browser 16.9.0.1424 Yandex Yandex Browser 16.9.1.1131 Yandex Yandex Browser 16.9.1.1616 Yandex Yandex Browser 16.10 Yandex Yandex Browser 16.10.0.1326 Yandex Yandex Browser 16.10.0.2357 Yandex Yandex Browser 16.10.1.1443 Yandex Yandex Browser 16.10.2.1487 Yandex Yandex Browser 16.11.0.649 Yandex Yandex Browser 17.1 Yandex Yandex Browser 17.1.0.412 Yandex Yandex Browser 17.1.1.227 Yandex Yandex Browser 17.1.1.359 Yandex Yandex Browser 17.1.2.339 Yandex Yandex Browser 17.3.0.373 Yandex Yandex Browser 17.3.1.369 Yandex Yandex Browser 17.4 Yandex Yandex Browser 17.4.0.16 Yandex Yandex Browser 17.4.0.126 Yandex Yandex Browser 17.4.0.491 Yandex Yandex Browser 17.4.0.544 Yandex Yandex Browser 17.4.1.352 Yandex Yandex Browser 17.6.0.312 Yandex Yandex Browser 17.7.0.1094 Yandex Yandex Browser 18.3.1.651 Yandex Yandex Browser 18.4.1.488 Yandex Yandex Browser 18.4.1.498 Yandex Yandex Browser 18.4.1.529 Yandex Yandex Browser 18.6.0.683 Yandex Yandex Browser 18.7.0.823 Yandex Yandex Browser 18.7.1.575 Yandex Yandex Browser 18.7.1.595 Yandex Yandex Browser 18.9.1.2199 Yandex Yandex Browser 18.9.2.31 Yandex Yandex Browser 18.10.0.1012 Yandex Yandex Browser 18.10.1.887 Yandex Yandex Browser 18.10.2.113 Yandex Yandex Browser 18.10.2.119 Yandex Yandex Browser 18.11.0.1462 Yandex Yandex Browser 18.11.1.979 Yandex Yandex Browser 18.11.2.730 Yandex Yandex Browser 19.1.0.1114 Yandex Yandex Browser 19.1.1.692 Yandex Yandex Browser 19.1.2.337 Yandex Yandex Browser 19.1.3.198 Yandex Yandex Browser 19.3.0.597 Yandex Yandex Browser 19.3.1.333 Yandex Yandex Browser 19.3.2.347 Yandex Yandex Browser 19.3.3.288 Yandex Yandex Browser 19.3.4.339 Yandex Yandex Browser 19.3.5.299 Yandex Yandex Browser 19.3.6.275 Yandex Yandex Browser 19.3.7.195 Yandex Yandex Browser 19.4.0.535 Yandex Yandex Browser 19.4.1.435 Yandex Yandex Browser 19.4.1.454 Yandex Yandex Browser 19.4.2.454 Yandex Yandex Browser 19.4.3.352 Yandex Yandex Browser 19.4.4.317 Yandex Yandex Browser 19.4.5.141 Yandex Yandex Browser 19.6.0.612 Yandex Yandex Browser 19.6.1.396 Yandex Yandex Browser 19.6.2.338 Yandex Yandex Browser 19.6.3.318 Yandex Yandex Browser 19.6.4.349 Yandex Yandex Browser 19.7.0.117 Yandex Yandex Browser 19.7.1.93 Yandex Yandex Browser 19.7.2.90 Yandex Yandex Browser 19.7.3.91 Yandex Yandex Browser 19.7.4.97 Yandex Yandex Browser 19.7.6.137 Yandex Yandex Browser 19.7.7.115 Yandex Yandex Browser 19.9.1.126 Yandex Yandex Browser 19.9.3.116 Yandex Yandex Browser 19.9.4.104 Yandex Yandex Browser 19.9.6.88 Yandex Yandex Browser 19.10.1.81 Yandex Yandex Browser 20.8.0 Yandex Yandex Browser 20.8.3 Yandex Yandex Browser 20.8.4 Yandex Yandex Browser 20.10.0 Yandex Yandex Browser 21.1.0 Yandex Yandex Browser 21.3.0 Yandex Yandex Browser 21.9.0.390 Yandex Yandex Browser 22.3.3.684	120
OS	Microsoft Microsoft Windows -	1

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://yandex.com/bugbounty/i/hall-of-fame-browser/