CVE-2022-3308

High

Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform…

Chrome·NVD-CWE-noinfo·Published 2022-11-01

CVSS

7.4

EPSS

0.01

KEV

Exploits

cve.orgen

218 chars

Insufficient policy enforcement in developer tools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

NVDen

218 chars

NVDes

290 chars

La aplicación insuficiente de políticas en las herramientas de desarrollo de Google Chrome anteriores a la versión 106.0.5249.62 permitía a un atacante remoto realizar potencialmente un escape de la sandbox a través de una página HTML manipulada. (Severidad de seguridad de Chromium: Media)

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.4	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
3.1	Primary	NVD	7.4	2.8	4.0	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N