Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html