CVE-2023-7282: 
Google Chrome vulnerability analysis and mitigation

CVE-2023-7282 is a security vulnerability in Chromium browser that allows remote attackers to perform domain spoofing through a crafted HTML page by convincing users to engage in specific UI gestures (NVD). The vulnerability was discovered and fixed in Chromium version 120.0.6099.224 (Debian Security).

The vulnerability involves a tel: protocol spoofing issue where attackers could manipulate the browser's URL display through window.open() and location.replace() methods. The bug specifically affected how Chrome handles the display of initiating origins in about:blank pages when using the tel: protocol (Chromium Issue).

The vulnerability could allow attackers to perform domain spoofing attacks, potentially misleading users about the true origin of a webpage. This could be used in phishing attacks or other social engineering attempts to deceive users about the authenticity of a website (Chromium Issue).

The vulnerability was fixed by disabling the problematic click-to-call functionality in 2023. The fix was implemented in Chromium version 120.0.6099.224 and has been distributed to various distributions including Debian (Debian Security, Chromium Issue).

The Chrome Vulnerability Rewards Program (VRP) Panel acknowledged the security impact of this vulnerability and awarded a $500 bounty to the researcher who reported it, classifying it as a low-impact security bug that led to security-relevant changes (Chromium Issue).