Password Manager Browser Extension Vulnerability in Avira
CVE-2022-28795

6.5MEDIUM

Key Information:

Vendor: Avira
Status: Avira Password Manager – Browser Extensions
Vendor: CVE Published:; 12 April 2022

What is CVE-2022-28795?

The vulnerability found in the Avira Password Manager Browser Extensions allows an attacker to exploit specially crafted web pages. When users visit these pages, the extension could inadvertently autofill sensitive password fields. This flaw enables attackers to harvest this information via JavaScript, potentially compromising user accounts. Mitigation has been provided in version 2.18.5 of the browser extensions for Chrome, MS Edge, Opera, Firefox, and Safari.

Affected Version(s)

Avira Password Manager – Browser Extensions Avira Password Manager - extension for Chrome

Avira Password Manager – Browser Extensions version 2.18.4.3868 Avira Password Manager - extension for MS Edge

Avira Password Manager – Browser Extensions version 2.18.4.3847 Avira Password Manager - extension for Opera

References

https://support.norton.com/sp/static/external/tools/secur...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 12, 2022
Vulnerability Reserved
Apr 7, 2022