Vulnerability CVE-2022-3310: Information

Description

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-3310
Published: Nov. 1, 2022
Modified: Dec. 9, 2022

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus106.0.5249.61-alt1124.0.6367.118-alt1ALT-PU-2022-2693-1307529Fixed
chromiump10106.0.5249.61-alt0.p10.1119.0.6045.159-alt0.p10.1ALT-PU-2022-2742-1307736Fixed
chromiumc10f1106.0.5249.61-alt0.p10.1110.0.5481.177-alt1.p10.1ALT-PU-2022-2742-1307736Fixed
chromium-gostsisyphus106.0.5249.103-alt1124.0.6367.78-alt1ALT-PU-2022-2835-1308335Fixed
chromium-gostp10110.0.5481.177-alt1.p10.1110.0.5481.177-alt1.p10.1ALT-PU-2023-1462-1310327Fixed
chromium-gostc10f1110.0.5481.177-alt1.p10.1110.0.5481.177-alt1.p10.1ALT-PU-2023-1462-1310327Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html
  • Release Notes
  • Vendor Advisory
https://crbug.com/1240065
  • Exploit
  • Issue Tracking
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
      Running on/with:
      cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top