CVE-2022-28868: 
NixOS vulnerability analysis and mitigation

An Address bar spoofing vulnerability (CVE-2022-28868) was discovered in F-Secure Safe Browser for Android. The vulnerability was disclosed on April 14, 2022, affecting F-Secure Internet Security Browser for Android Version 18.6 and below. When a user clicks on a specially crafted malicious webpage/URL, they may be tricked for a short period of time (until the page loads) to think content is coming from a valid domain, while the content actually comes from an attacker-controlled site (F-Secure Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N. The vulnerability requires user interaction and can be exploited remotely without requiring privileges. The attack complexity is considered low, and it primarily affects the integrity of the system through URL spoofing (NVD).

The vulnerability allows attackers to perform address bar spoofing attacks, potentially misleading users about the authenticity of websites they are visiting. During the brief loading period, users may believe they are accessing a legitimate domain while actually viewing content from a malicious site, which could lead to phishing attacks or other forms of deception (F-Secure Advisory).

F-Secure released a fix through their automatic update channel on April 13, 2022. No user action is required as the update is distributed automatically. The vulnerability is considered fixed in versions after 18.6 (F-Secure Advisory).