CVE-2022-2611: 
vulnerability analysis and mitigation

CVE-2022-2611 is a security vulnerability discovered in Google Chrome's Fullscreen API on Android devices prior to version 104.0.5112.79. The vulnerability was reported by Irvan Kurniawan (sourc7) on April 28, 2022, and allows a remote attacker to spoof the contents of the Omnibox (URL bar) through a crafted HTML page (Chrome Release).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

The vulnerability allows attackers to spoof the contents of the Omnibox (URL bar) in Google Chrome on Android devices. This could potentially lead to users being misled about the website they are visiting, creating opportunities for phishing attacks or other forms of deception (CVE).

The vulnerability was patched in Google Chrome version 104.0.5112.79 for Android. Users and administrators should ensure their Chrome browsers are updated to this version or later. The fix was also incorporated into various Linux distributions including Debian, Fedora, and Gentoo through their respective security updates (Debian Security, Gentoo Security).