Now tracked as CVE-2023-38750, the security flaw is a reflected Cross-Site Scripting (XSS) discovered by security researcher Clément Lecigne of Google Threat Analysis Group.