Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html