CVE-2023-1817: 
vulnerability analysis and mitigation

Insufficient policy enforcement in Intents in Google Chrome on Android prior to version 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. The vulnerability was assigned a medium severity rating and was discovered by Axel Chong on February 22, 2023 (Chrome Release).

The vulnerability was identified as a policy enforcement issue specifically affecting the Intents functionality in Google Chrome for Android. The flaw allowed attackers to circumvent established navigation restrictions through specially crafted HTML pages. Google assigned this vulnerability a medium severity rating and provided a $1000 bounty reward for its discovery (Chrome Release).

The vulnerability could allow remote attackers to bypass navigation restrictions in Google Chrome on Android devices, potentially leading to unauthorized navigation or access to restricted content (Chrome Release).

The vulnerability was patched in Chrome version 112.0.5615.49. Users are advised to update their Chrome browsers to this version or later. The fix was also distributed to various Linux distributions including Debian, Fedora, and Gentoo through their respective security updates (Debian Security, Fedora Update, Gentoo Security).