Google Chrome on iOS UI Spoofing Vulnerability via Crafted QR Codes

A UI spoofing vulnerability has been identified in Google Chrome on iOS, in versions prior to 136.0.7103.59. This issue allows remote attackers to manipulate how QR codes are presented to users, potentially leading to phishing attacks. The vulnerability arises from improper handling of URLs embedded in QR codes, where backslashes are misinterpreted, causing Chrome to truncate the URL and display a misleading link preview. When users click on this preview, they may be redirected to a different, potentially harmful website.

Impact

Exploitation of this vulnerability can lead to UI spoofing, where users are deceived into clicking on links that redirect them to malicious websites.

Reproduction

To reproduce this vulnerability, create a QR code containing a URL with backslashes, such as 'http://msdn.com\@long.long.evil.com'. Scan the QR code using Google Chrome on iOS. The browser will display a truncated version of the URL, omitting parts that are crucial for navigation. Clicking on the preview will redirect the user to the full URL, which in this case is a malicious site, bypassing the intended destination.

Remediation

Users can update to Google Chrome version 136.0.7103.59 or later, where this vulnerability has been fixed.