CVE-2022-3310 Affecting chromium package, versions <106.0.5249.61-1
Snyk CVSS
Attack Complexity
Low
User Interaction
Required
Integrity
High
Threat Intelligence
EPSS
0.08% (33rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-CHROMIUM-3034722
- published 28 Sep 2022
- disclosed 1 Nov 2022
Introduced: 28 Sep 2022
CVE-2022-3310 Open this link in a new tabHow to fix?
Upgrade Debian:unstable chromium to version 106.0.5249.61-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream chromium package and not the chromium package as distributed by Debian.
See How to fix? for Debian:unstable relevant fixed versions and status.
Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)