CVE-2022-3310

MEDIUM

Google Chrome <106.0.5249.62 - Privilege Escalation

Title source: llm

Description

Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)

References (2)

[Release Notes, Vendor Advisory] https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html

[Exploit, Issue Tracking, Vendor Advisory] https://crbug.com/1240065

Scores

CVSS v3 6.5

EPSS 0.0013

EPSS Percentile 32.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-602

Status published

Products (1)

google/chrome < 106.0.5249.62

Published Nov 01, 2022

Tracked Since Feb 18, 2026