CVE-2022-3310

NameCVE-2022-3310
DescriptionInsufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
ReferencesDSA-5244-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
chromium (PTS)buster, buster (security)90.0.4430.212-1~deb10u1vulnerable
bullseye104.0.5112.79-1~deb11u1vulnerable
bullseye (security)108.0.5359.94-1~deb11u1fixed
bookworm, sid108.0.5359.94-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
chromiumsourcebuster(unfixed)end-of-life
chromiumsourcebullseye106.0.5249.61-1~deb11u1DSA-5244-1
chromiumsource(unstable)106.0.5249.61-1

Notes

[buster] - chromium <end-of-life> (see DSA 5046)

Search for package or bug name: Reporting problems