CVE-2023-3736: 
vulnerability analysis and mitigation

CVE-2023-3736 is a security vulnerability discovered in Google Chrome's Custom Tabs implementation on Android. The vulnerability was reported by Philipp Beer from TU Wien on April 19, 2023, and was patched in Chrome version 115.0.5790.98. This vulnerability allowed a remote attacker to leak cross-origin data through a crafted HTML page (Chrome Release).

The vulnerability is classified with a CVSS v3.1 Base Score of 4.3 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, requires user interaction, has unchanged scope, and can impact confidentiality at a low level with no impact on integrity or availability (NVD).

The primary impact of this vulnerability is the potential leakage of cross-origin data when a malicious actor exploits the vulnerability through a specially crafted HTML page. The vulnerability's medium severity rating and confidentiality impact suggest that while the data exposure is limited, it could still pose security risks to users (NVD).

The vulnerability has been fixed in Chrome version 115.0.5790.98 and later versions. Users and organizations are advised to update their Chrome installations to this version or newer to mitigate the vulnerability. Google assigned a bounty of $2,000 for the discovery of this vulnerability (Chrome Release).