CVE-2023-4903: 
vulnerability analysis and mitigation

CVE-2023-4903 is a security vulnerability affecting Google Chrome's Custom Mobile Tabs on Android devices prior to version 117.0.5938.62. The vulnerability was discovered by Ahmed ElMasry on May 18, 2023, and was disclosed in September 2023. This security issue was classified with a medium severity rating by Google's Chromium team (Chrome Release).

The vulnerability stems from an inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android, which could allow a remote attacker to spoof security UI through a crafted HTML page. The vulnerability has been assigned a CVSS v3.1 base score of 4.3 (Medium) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, indicating that it requires user interaction but can be exploited remotely without authentication (NVD).

The vulnerability allows remote attackers to spoof security UI elements through specially crafted HTML pages, potentially misleading users about the security status or authenticity of web content they are viewing (NVD).

The vulnerability has been patched in Chrome version 117.0.5938.62 and later. Users and administrators are advised to update to this version or later to mitigate the risk. The fix has been incorporated into various distributions including Debian 11 (Bullseye) and 12 (Bookworm), as well as Fedora 37, 38, and 39 (Debian Advisory, Fedora Update).