CVE-2022-1307 Inappropriate implementation of Google Chrome's full screen feature allowed a remote attacker to spoof the contents of the Omnibox.

CVE-2022-1307 Inappropriate implementation of Google Chrome's full screen feature allowed a remote attacker to spoof the contents of the Omnibox.

Note that this issue was fixed in the latest version of Google Chrome for Android, which is version 100.0.4896.87. Insecure implementation in the Android functionality to open links in new tabs in full screen in Google Chrome prior to 71.0.3578.0 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. This issue was fixed in an update to Google Chrome of version 71.0.3578.0.

Insecure implementation in the Android functionality to open links in new tabs in full screen in Google Chrome prior to 71.0.3578.0 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. This issue was fixed in an update to Google Chrome of version 71.0.3578.0. Insecure implementation in the Android functionality to open links in new tabs in full screen in Google Chrome prior to 71.0.3578.0 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. This issue was fixed in an update to Google Chrome of version 71.0.3578.0. Inappropriate implementation in Google Chrome prior to 71.0.3578.0 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

Inappropriate implementation in Google Chrome prior to 71.

Summary

The vulnerability is in the Google Chrome Android application.
A vulnerability was discovered in Google's Chrome for Android app of version 100.0.4896.87, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. This issue has been fixed in an update to the app, which is now up to version 71.0.3578.0

Improper Neutralization of Special Elements used in an HTML email message

Inappropriate implementation in Google Chrome prior to 71.0.3578.0 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

References

Subscribe to CVE.news
Don’t miss out on the latest issues. Sign up now to get access to the library of members-only issues.
jamie@example.com
Subscribe