Primary

Context

Dia Browser Spoofing Vulnerability in Custom-Sized Windows on macOS

Vulnerability

A spoofing vulnerability has been identified in the Dia browser on macOS, affecting versions prior to 1.9.0. The issue arises from the absence of an 'about:blank' indicator in custom-sized new windows, which could allow an attacker to manipulate the window title to resemble a trusted domain, potentially misleading users about their current site.

Impact

Exploitation of this vulnerability could lead to increased spoofing risks, allowing attackers to misrepresent the current website to users.

Remediation

Users are advised to update Dia to version 1.9.1 or newer, as these versions include the necessary fix.

Added: Jan 16, 2026, 7:23 PM

Updated: Jan 16, 2026, 7:23 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.0

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

6.0

remediation

0.0

relevance

2.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Dia Browser Spoofing Vulnerability in Custom-Sized Windows on macOS

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating