CVE-2022-0337

MEDIUM

Google Chrome <97.0.4692.71 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-0337. PoCs published by Puliczek, zer0ne1, maldev866.

AI-analyzed exploit summary: This repository documents CVE-2022-0337, an environment variable leak vulnerability in Chromium-based browsers (Chrome, Edge, Opera) via the `window.showSaveFilePicker()` API. The PoC demonstrates how an attacker could leak sensitive environment variables by exploiting file save dialogs.

Description

Inappropriate implementation in File System API in Google Chrome on Windows prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. (Chrome security severity: High)

Exploits (3)

nomisec WRITEUP 340 stars
by Puliczek · poc
https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera

This repository documents CVE-2022-0337, an environment variable leak vulnerability in Chromium-based browsers (Chrome, Edge, Opera) via the `window.showSaveFilePicker()` API. The PoC demonstrates how an attacker could leak sensitive environment variables by exploiting file save dialogs.

Classification: Writeup 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Google Chrome (92-96), Microsoft Edge (92-96), Opera (78-82)
No auth needed
Prerequisites: User interaction (saving a file via dialog)
devstral-2 · analyzed Feb 16, 2026

nomisec STUB
by zer0ne1 · poc
https://github.com/zer0ne1/CVE-2022-0337-RePoC

The provided code is a minimal Flask application that does not demonstrate any exploit for CVE-2022-0337. It lacks offensive techniques or vulnerability exploitation logic.

Classification: Stub 80%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Unknown
No auth needed
Prerequisites: None
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Vendor Advisory
https://crbug.com/1247389

Scores

CVSS v3: 6.5
EPSS: 0.0127
EPSS Percentile: 66.1%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-668
Status: published
Products (1): google/chrome < 97.0.4692.71
Published: Jan 02, 2023
Tracked Since: Feb 18, 2026