so.cl

Successful exploitation of this vulnerability can lead to the leak of user’s secrets stored inside a system environment variables. A security bug was found in Chromium 92 version and patched in 97 version. There are several web browsers based on the chromium engine, for instance, Google Chrome, Microsoft Edge, Opera, and Brave. All of them were vulnerable, except for Brave. The vulnerability is in the File system access API, more specifically in window.showSaveFilePicker() method. CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera