Google Chrome Extensions UI Spoofing Vulnerability

Vulnerability

A UI spoofing vulnerability has been identified in Google Chrome Extensions, in versions prior to 132.0.6834.83. This issue allows remote attackers to manipulate user interface elements by convincing users to perform specific gestures, using a specially crafted Chrome Extension.

Impact

Exploitation of this vulnerability could lead to unauthorized UI spoofing, where an extension could manipulate how prompts or dialogs are presented to the user, potentially causing them to misinterpret or incorrectly respond to these prompts.

Reproduction

To reproduce this vulnerability, install the crafted Chrome extension that exploits the issue. After the extension is loaded, interact with the webpage that prompts the user to press 'Ctrl+A'. The extension's popup can then render over important prompts, such as those related to Progressive Web Apps (PWAs), spoofing the UI and misleading the user.

Remediation

Users can update to Google Chrome version 132.0.6834.83 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.