CVE-2023-0700: 
vulnerability analysis and mitigation

A medium severity vulnerability (CVE-2023-0700) was discovered in Google Chrome versions prior to 110.0.5481.77. The vulnerability was reported by Axel Chong on November 26, 2022, and was related to an inappropriate implementation in the Download component (Chrome Release).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality, high impact on integrity, and no impact on availability (NVD).

The vulnerability allows a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. This could lead to effective phishing attacks by deceiving users about the website they are visiting (AttackerKB).

The vulnerability has been patched in Chrome version 110.0.5481.77 and later. Users are advised to update their Chrome browser to the latest version to mitigate this security risk (Chrome Release, Gentoo Security).