CVE-2022-1307: 
vulnerability analysis and mitigation

Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. The vulnerability was discovered on February 21, 2022, and was assigned CVE-2022-1307 with a CVSS v3.1 base score of 4.3 (MEDIUM) (NVD).

The vulnerability is classified as CWE-290 (Authentication Bypass by Spoofing) and has a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

The vulnerability allows an attacker to spoof the contents of the URL bar (Omnibox) in Google Chrome on Android devices. This could potentially lead to phishing attacks where users might be tricked into believing they are on a legitimate website when they are actually on a malicious one (Chrome Release).

The vulnerability was patched in Google Chrome version 100.0.4896.88. Users and administrators are advised to update their Chrome installations to this version or later to mitigate the risk (Chrome Release).