CVE-2023-7012: 
Google Chrome vulnerability analysis and mitigation

Insufficient data validation in Permission Prompts in Google Chrome prior to version 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. The vulnerability specifically affected the handling of news:// and snews:// URL schemes in Chrome on macOS systems (Chrome Release).

The vulnerability stemmed from Chrome's default allowance of news:// and snews:// URL schemes without requiring user permission on macOS. These schemes were historically treated as default-allowed protocols alongside mailto:, dating back to Chrome's early development. On macOS, applications can automatically register URL scheme handlers from their info.plist file without user interaction or application execution, which when combined with Chrome's default allowance of these schemes, created a potential security risk (Chromium Issue).

The vulnerability could allow an attacker to achieve remote code execution and sandbox escape on macOS systems if a user was convinced to install a malicious application that registered handlers for the news:// or snews:// URL schemes. This could lead to arbitrary code execution outside of Chrome's sandbox environment (Chrome Release).

The issue was fixed in Chrome version 117.0.5938.62 by removing news:// and snews:// from the default-allowed URL schemes list. After the fix, these schemes are treated like any other external protocol, requiring explicit user permission before launching associated applications (Chrome Release).