CVE-2022-3310 — Client-Side Enforcement of Server-Side Security in Google Chrome

CWE-602 — Client-Side Enforcement of Server-Side Security8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 67.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Debian Chromium +2 more

Timeline

PublishedNov 1

Latest updateNov 2

Description

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5google/chromeunspecified — 106.0.5249.62

▶NVDgoogle/chrome< 106.0.5249.62

▶googlegoogle/chrome_chrome

▶debiandebian/chromium< chromium 106.0.5249.61-1 (bookworm)

▶Debianchromium/chromium< 106.0.5249.61-1~deb11u1+3

🔴Vulnerability Details

GHSA

GHSA-6x6f-v4f4-m9jh: Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106↗2022-11-02

▶

OSV

CVE-2022-3310: Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106↗2022-11-01

▶

📋Vendor Advisories

Microsoft

Chromium: CVE-2022-3310 Insufficient policy enforcement in Custom Tabs↗2022-10-11

▶

Chrome

Stable Channel Update for Desktop: CVE-2022-3308↗2022-09-27

▶

Debian

CVE-2022-3310: chromium - Insufficient policy enforcement in custom tabs in Google Chrome on Android prior...↗2022

▶

🕵️Threat Intelligence

Talos

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities↗2022-10-11

▶

Talos

Microsoft Patch Tuesday for October 2022 — Snort rules and prominent vulnerabilities↗2022-10-11

▶