CVE-2023-0697: 
vulnerability analysis and mitigation

CVE-2023-0697 is a high-severity security vulnerability discovered in Google Chrome's full screen mode implementation on Android devices prior to version 110.0.5481.77. The vulnerability was reported by Ahmed ElMasry on July 3, 2022, and was officially disclosed on February 7, 2023 (Chrome Blog).

The vulnerability stems from an inappropriate implementation in the full screen mode feature of Google Chrome on Android. It has been assigned a CVSS v3.1 base score of 6.5 (Medium), with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates that the vulnerability can be exploited remotely, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

The vulnerability allows a remote attacker to spoof the contents of the security UI through a crafted HTML page when the browser is in full screen mode. This could potentially lead to users being deceived about the security status or origin of the webpage they are viewing (CVE).

The vulnerability has been patched in Google Chrome version 110.0.5481.77 for Android. Users are advised to update their Chrome browsers to this version or later to protect against this security issue (Gentoo Advisory).