WRITEUP #742

CVE-2022-4908: SOP bypass in Chrome using Navigation API

Tags: OAuth, SOP bypass, Browser hacking
by @joaxcar (Johan Carlsson)
Bounty: 2,000
Program: Google (Chrome & Chromium)
Published: Oct 6, 2023
Added to HackDex: Jan 18, 2024
Read Full Writeup: https://joaxcar.com/blog/2023/10/06/cve-2022-4908-sop-bypass-in-chrome-using-navigation-api/