Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*
- < 129.0.6668.58
- 126
A UI spoofing vulnerability has been identified in Google Chrome on Android, in versions prior to 129.0.6668.58. This issue allows remote attackers to manipulate user interface elements through a specially crafted HTML page. The vulnerability arises from an inappropriate implementation in the handling of intents, particularly in how navigation changes are managed within the browser's Incognito mode. Exploitation of this vulnerability could lead to confusion for users, as it involves misdirecting them away from their current browsing context.
Exploitation of this vulnerability can cause origin confusion by displaying an alert dialog over the New Tab Page in Incognito mode, misleading users into thinking they are being prompted to exit Incognito. This could result in unintended interactions with the dialog, such as dismissing it and inadvertently triggering malicious intent redirects.
To reproduce this vulnerability, open Google Chrome on an Android device and enter Incognito mode. Visit the crafted HTML page. Once the page is loaded, click on the Chrome Home icon. This action triggers an alert dialog box indicating a departure from Incognito mode while the address bar remains blank, so the user cannot tell which origin raised the dialog. Alternatively, the vulnerability can be reproduced by simply clicking on the webpage after it has loaded, without needing to click the Home button.
Users can update to Google Chrome version 129.0.6668.58 or later to address this vulnerability.
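To verify the fix on a managed device, the installed build can be compared with 129.0.6668.58. The script below is an added example, not part of the original advisory; it assumes the stable-channel package name `com.android.chrome` and a `versionName=` line as printed by `adb shell dumpsys package`, and its sample input is constructed. Components are compared numerically, because a plain string comparison would rank 129.0.6668.100 below 129.0.6668.58.

```shell
#!/bin/sh
# Added example: classify a Chrome for Android build against the fixed release.
FIXED="129.0.6668.58"   # fixed version stated in the advisory

# Return 0 if dotted version $1 is numerically lower than $2.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}                      # leading components
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac  # drop what was consumed
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}                        # missing component counts as 0
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1                                        # equal versions are not lower
}

# Print the first versionName found in dumpsys output read from stdin.
chrome_version() {
    sed -n 's/^[[:space:]]*versionName=\([0-9][0-9.]*\).*$/\1/p' | head -n 1
}

# Read dumpsys output on stdin; print "vulnerable", "patched" or "unknown".
classify() {
    v=$(chrome_version)
    if [ -z "$v" ]; then
        echo unknown        # package absent or output format not recognised
    elif version_lt "$v" "$FIXED"; then
        echo vulnerable
    else
        echo patched
    fi
}

# Constructed sample of dumpsys output (not captured from a real device).
SAMPLE='Packages:
  Package [com.android.chrome] (constructed):
    versionCode=1 minSdk=26 targetSdk=34
    versionName=128.0.6000.10'

printf '%s\n' "$SAMPLE" | classify
```

On a connected device the same function reads live data: `adb shell dumpsys package com.android.chrome | classify`.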