CVE-2023-1223: 
vulnerability analysis and mitigation

A medium severity vulnerability (CVE-2023-1223) was identified in Google Chrome's Autofill feature on Android devices. The vulnerability was discovered by Ahmed ElMasry on December 7, 2022, and was officially patched in Chrome version 111.0.5563.64, released on March 7, 2023. The issue was related to insufficient policy enforcement in the Autofill functionality, which could potentially allow remote attackers to access cross-origin data (Chrome Releases, NVD).

The vulnerability was classified as a medium severity issue due to insufficient policy enforcement in Chrome's Autofill feature. Google awarded a bug bounty of $5,000 for this vulnerability report, indicating its moderate impact on system security. The issue was tracked internally under bug ID 1398579 (Chrome Releases).

The vulnerability could allow remote attackers to leak cross-origin data through the Autofill feature in Google Chrome on Android devices. This could potentially lead to unauthorized access to user information across different origins (NVD).

The vulnerability was addressed in Chrome version 111.0.5563.64, released on March 7, 2023. Users are advised to update their Chrome browsers to this version or later to protect against this vulnerability. The fix was also included in the Debian security update DSA-5371-1 (Chrome Releases, Debian Security).