{"api_version":"1","generated_at":"2026-04-23T04:52:47+00:00","cve":"CVE-2022-3310","urls":{"html":"https://cve.report/CVE-2022-3310","api":"https://cve.report/api/cve/CVE-2022-3310.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-3310","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-3310"},"summary":{"title":"CVE-2022-3310","description":"Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)","state":"PUBLIC","assigner":"chrome-cve-admin@google.com","published_at":"2022-11-01 20:15:00","updated_at":"2022-12-09 15:48:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"https://crbug.com/1240065","name":"https://crbug.com/1240065","refsource":"MISC","tags":[],"title":"1240065 - \n \n \n chromium -\n \n \n An open-source project to help move the web forward. - \n \n Monorail","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html","name":"https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html","refsource":"MISC","tags":[],"title":"Chrome Releases: Stable Channel Update for Desktop","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-3310","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-3310","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"3310","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2022","cve_id":"3310","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"google","cpe5":"chrome","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2022-3310","qid":"181085","title":"Debian Security Update for chromium (DSA 5244-1)"},{"cve":"CVE-2022-3310","qid":"183788","title":"Debian Security Update for chromium (CVE-2022-3310)"},{"cve":"CVE-2022-3310","qid":"377610","title":"Google Chrome Prior to 106.0.5249.61 Multiple Vulnerabilities"},{"cve":"CVE-2022-3310","qid":"377613","title":"Microsoft Edge Based on Chromium Prior to 106.0.1370.34 Multiple Vulnerabilities"},{"cve":"CVE-2022-3310","qid":"630864","title":"For ios Vulnerability CVE-2022-3310"},{"cve":"CVE-2022-3310","qid":"690946","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for chromium (18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec)"},{"cve":"CVE-2022-3310","qid":"710646","title":"Gentoo Linux Chromium, Google Chrome, Microsoft Edge Multiple Vulnerabilities (GLSA 202210-16)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2022-3310","ASSIGNER":"chrome-cve-admin@google.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Insufficient policy enforcement"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Google","product":{"product_data":[{"product_name":"Chrome","version":{"version_data":[{"version_value":"106.0.5249.62","version_affected":"<"}]}}]}}]}},"references":{"reference_data":[{"url":"https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html","refsource":"MISC","name":"https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html"},{"url":"https://crbug.com/1240065","refsource":"MISC","name":"https://crbug.com/1240065"}]}},"nvd":{"publishedDate":"2022-11-01 20:15:00","lastModifiedDate":"2022-12-09 15:48:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","versionEndExcluding":"106.0.5249.62","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":null,"notes":[]}}}