CVE-2022-3447: 
vulnerability analysis and mitigation

A high-severity vulnerability (CVE-2022-3447) was discovered in Google Chrome's Custom Tabs on Android prior to version 106.0.5249.119. The vulnerability allowed remote attackers to spoof the contents of the Omnibox (URL bar) through a crafted HTML page. This security issue was reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on September 22, 2022 (Chrome Release).

The vulnerability stems from an inappropriate implementation in Custom Tabs feature in Google Chrome on Android. It has been assigned a CVSS v3.1 base score of 4.3 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating that it is network exploitable, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability allows attackers to spoof the contents of the Omnibox (URL bar), which could potentially mislead users about the website they are visiting. This could be used in phishing attacks where users might believe they are on a legitimate website when they are actually on a malicious one (NVD).

The vulnerability was patched in Google Chrome version 106.0.5249.119. Users should update their Chrome browsers to this version or later to protect against this vulnerability (Chrome Release).