Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*
Affected versions: < 132.0.6834.83
A UI spoofing vulnerability has been identified in Google Chrome on Android, in versions prior to 132.0.6834.83. This issue allows remote attackers to manipulate the user interface by hiding the address bar and spoofing the URL display, using a specially crafted HTML page. The vulnerability arises from improper handling of navigation events, particularly with the 'RenderDocument' feature, which can disrupt the expected sequence of page load notifications. As a result, the address bar can be concealed without user interaction, creating an opportunity for phishing attacks by misrepresenting the actual website being viewed.
Exploitation of this vulnerability can lead to UI spoofing, where the address bar is hidden and replaced with a spoofed URL, potentially deceiving users about the authenticity of the website they are visiting.
The vulnerability can be reproduced by navigating to a slow-loading page that takes at least three seconds to load. Once the page is fully loaded, the address bar will be hidden. If the navigation is initiated from a page without a style element, the issue does not occur. However, when the navigation is started from a page with a style element, the address bar can be successfully hidden, allowing for UI spoofing.
Users can update to Google Chrome version 132.0.6834.83 or later, where this vulnerability has been fixed.
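A fleet check against the fixed version above, as an added example (not part of the advisory or of Chrome's own code). It assumes a hypothetical CSV inventory export with device, package and version columns; the sample rows are constructed.

```python
import csv
import io

FIXED = (132, 0, 6834, 83)              # first fixed version, from the advisory
CHROME_PACKAGE = "com.android.chrome"   # Chrome stable package name on Android


def parse_version(text):
    """Return a 4-tuple of ints, or None if text is not a four-part version."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)


def classify(version_text):
    """Compare numerically: as strings, '132.0.6834.9' sorts after '132.0.6834.83'."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # surface unparseable entries instead of passing them
    return "vulnerable" if version < FIXED else "fixed"


def audit(inventory_csv):
    """Map device id -> status for every Chrome row in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["package"] == CHROME_PACKAGE:
            results[row["device"]] = classify(row["version"])
    return results


# Constructed sample inventory (hypothetical export format and device names).
SAMPLE = """device,package,version
pixel-01,com.android.chrome,131.0.6778.260
pixel-02,com.android.chrome,132.0.6834.83
tab-03,com.android.chrome,132.0.6834.9
tab-04,com.android.chrome,133.0.6943.49
kiosk-05,com.android.chrome,unknown
kiosk-06,org.mozilla.firefox,134.0
"""

if __name__ == "__main__":
    for device, status in audit(SAMPLE).items():
        print(f"{device}: {status}")
```

Devices reported as "unknown" need manual follow-up, since a missing or malformed version string says nothing about whether the fix is installed.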