CVE-2022-3310

medium

Description

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)

References

https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

https://crbug.com/1240065

Details

Source: MITRE

Published: 2022-11-01

Updated: 2022-12-09

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM