CVE-2022-3310

EUVD-2022-42700
Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 32%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
< 106.0.5249.62
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
chromium
bookworm
128.0.6613.84-1~deb12u1
fixed
bookworm (security)
130.0.6723.91-1~deb12u1
fixed
bullseye
120.0.6099.224-1~deb11u1
fixed
bullseye (security)
120.0.6099.224-1~deb11u1
fixed
sid
130.0.6723.91-2
fixed
trixie
129.0.6668.89-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
bionic
Fixed 107.0.5304.87-0ubuntu11.18.04.1
released
focal
not-affected
jammy
not-affected
kinetic
not-affected
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
https://crbug.com/1240065
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
https://crbug.com/1240065