Google Chrome Domain Spoofing Vulnerability in Downloads on Android

A domain spoofing vulnerability has been identified in the Downloads feature of Google Chrome on Android, affecting versions prior to 140.0.7339.80. This vulnerability allows remote attackers to manipulate download origins by using crafted data URLs. The issue arises from improper validation of untrusted input, which can be exploited to deceive users about the source of downloaded files.

Impact

Exploitation of this vulnerability leads to spoofing of the download origin, causing misleading notifications that can convince users to open downloaded files from seemingly legitimate sources.

Reproduction

The vulnerability can be reproduced by entering a malformed data URL into the address bar of an affected version of Google Chrome on Android. This URL should be crafted to include a spoofed origin, such as 'google.com', followed by a payload. Once the URL is entered, a download will be initiated, and the notification will display the spoofed origin as if it were a legitimate download from that source.

Remediation

Users can update to Google Chrome version 140.0.7339.80 or later to address this vulnerability.