CVE-2022-3310
Debian Security Advisory 5244-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)
La aplicación insuficiente de políticas en pestañas personalizadas en Google Chrome en Android antes de la versión 106.0.5249.62 permitió que un atacante que convenciera al usuario de instalar una aplicación eludiera la política del mismo origen a través de una aplicación manipulada. (Severidad de seguridad de Chromium: Media)
Multiple vulnerabilities have been found in Chromium and its derivatives, the worst of which could result in remote code execution. Versions less than 106.0.5249.119 are affected.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-26 CVE Reserved
- 2022-09-28 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://crbug.com/1240065 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html | 2022-12-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 106.0.5249.62 Search vendor "Google" for product "Chrome" and version " < 106.0.5249.62" | - |
Affected
| in | Google Search vendor "Google" | Android Search vendor "Google" for product "Android" | - | - |
Safe
|