CVE-2022-42955 is a high-severity vulnerability affecting the PassWork browser extension version 5.0.9 for Chrome and other browsers. This vulnerability allows an attacker to obtain cleartext cached credentials stored by the extension. PassWork is a password management tool that stores user credentials to facilitate autofill and password management. The vulnerability is classified under CWE-312, which pertains to the cleartext storage of sensitive information. The CVSS 3.1 base score is 7.5, indicating a high severity level. The vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N indicates that the vulnerability can be exploited remotely over the network without any privileges or user interaction, and it results in a complete compromise of confidentiality (cleartext credentials disclosure) without impacting integrity or availability. Although no known exploits are currently reported in the wild, the exposure of plaintext cached credentials poses a significant risk. Attackers who successfully exploit this vulnerability can harvest stored passwords, potentially leading to unauthorized access to user accounts and further lateral movement or data breaches. The lack of patch information suggests that users should be cautious and seek updates or mitigations from the vendor or consider discontinuing use until a fix is available.

For European organizations, the impact of this vulnerability can be substantial. Many enterprises and individuals rely on password managers like PassWork to securely store and manage credentials. If attackers exploit this vulnerability, they can gain access to a wide range of sensitive accounts, including corporate email, internal applications, and cloud services. This can lead to data breaches, intellectual property theft, and unauthorized access to critical systems. Given the remote and no-interaction nature of the exploit, attackers can operate stealthily and at scale. The confidentiality breach could also undermine compliance with GDPR and other data protection regulations, potentially resulting in legal and financial penalties. Organizations using PassWork or allowing its use on corporate devices should consider the risk of credential leakage and the subsequent compromise of their security posture.

1. Immediate mitigation should include disabling or uninstalling the PassWork extension version 5.0.9 until a patched version is released. 2. Organizations should audit their environments to identify any installations of PassWork and remove or restrict its use on corporate devices. 3. Encourage users to change passwords for accounts managed by PassWork, especially if the extension was used on shared or less secure devices. 4. Implement endpoint monitoring to detect unusual access patterns or credential theft attempts. 5. Employ multi-factor authentication (MFA) on all critical accounts to reduce the impact of credential compromise. 6. Educate users about the risks of storing passwords in browser extensions that may not have robust security controls. 7. Monitor vendor communications for patches or updates addressing this vulnerability and apply them promptly. 8. Consider alternative password management solutions with verified security postures if PassWork is deemed too risky.