
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2022-1130 is a security vulnerability discovered in Google Chrome's WebOTP feature on Android devices prior to version 100.0.4896.60. The vulnerability was reported by Sergey Toshin of Oversecurity Inc. on October 25, 2020, and was publicly disclosed on March 29, 2022. The issue stems from insufficient validation of untrusted input in the WebOTP functionality (Chrome Release).
The vulnerability is classified as a High severity issue that involves insufficient validation of untrusted input in the WebOTP (Web One-Time Password) feature. This security flaw specifically affects Google Chrome on Android devices running versions prior to 100.0.4896.60. The vulnerability allows a remote attacker to send arbitrary intents from any app through a malicious application (NVD).
When exploited, this vulnerability enables remote attackers to send arbitrary intents from any application through a malicious app, potentially compromising the security of the WebOTP system. This could lead to unauthorized access to one-time passwords and potentially compromise user authentication processes (NVD).
The vulnerability was patched in Google Chrome version 100.0.4896.60 for Android. Users are advised to update their Chrome browser to this version or later to mitigate the risk. The fix was included in the stable channel update released by Google (Chrome Release).
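To check the update advice against web traffic, the following added example (not part of the original report or of any Chrome tooling) flags access-log clients whose User-Agent reports Google Chrome on Android older than 100.0.4896.60. The log layout, the sample lines and the names `classify` and `triage` are assumptions made for illustration.

```python
import re

# Fixed release named on this page for Chrome on Android.
FIXED = (100, 0, 4896, 60)

CHROME_TOKEN = re.compile(r"Chrome/(\d+)\.(\d+)\.(\d+)\.(\d+)")
# Other Chromium-based Android browsers and WebView reuse the Chrome/ token;
# this page covers Google Chrome only, so they are reported as out of scope.
OTHER_BROWSERS = ("EdgA/", "OPR/", "SamsungBrowser/", "; wv)")
LAST_QUOTED = re.compile(r'"([^"]*)"\s*$')  # User-Agent is the final quoted field


def classify(user_agent):
    """Return 'vulnerable', 'patched' or 'out-of-scope' for one User-Agent."""
    if "Android" not in user_agent:
        return "out-of-scope"
    if any(tok in user_agent for tok in OTHER_BROWSERS):
        return "out-of-scope"
    m = CHROME_TOKEN.search(user_agent)
    if m is None:
        return "out-of-scope"
    # Compare as integer tuples: as strings, "99..." would sort after "100...".
    version = tuple(int(part) for part in m.groups())
    return "vulnerable" if version < FIXED else "patched"


def triage(log_lines):
    """Map each access-log line to (client address, verdict)."""
    results = []
    for line in log_lines:
        ua = LAST_QUOTED.search(line)
        client = line.split(" ", 1)[0]
        results.append((client, classify(ua.group(1) if ua else "")))
    return results


def _line(client, platform, version):
    # Builds one constructed combined-format log line (hypothetical helper).
    ua = ("Mozilla/5.0 (%s) AppleWebKit/537.36 (KHTML, like Gecko) "
          "Chrome/%s Safari/537.36" % (platform, version))
    return ('%s - - [01/Apr/2022:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "-" "%s"'
            % (client, ua))


# Constructed sample input using documentation address ranges, not real traffic.
SAMPLE = [
    _line("198.51.100.7", "Linux; Android 11; Pixel 5", "99.0.4844.88"),
    _line("198.51.100.8", "Linux; Android 12; Pixel 6", "100.0.4896.58"),
    _line("198.51.100.9", "Linux; Android 12; Pixel 6", "100.0.4896.60"),
    _line("203.0.113.4", "Windows NT 10.0; Win64; x64", "99.0.4844.84"),
    _line("203.0.113.5", "Linux; Android 11; Pixel 5; wv", "99.0.4844.88"),
]
```

The User-Agent header is supplied by the client, so the result is a triage hint; installed versions reported by device management are the authoritative source.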
Source: This report was generated using AI