Google Chrome UI Spoofing Vulnerability on Android

Vulnerability

A UI spoofing vulnerability has been identified in Google Chrome for Android, affecting versions prior to 134.0.6998.35. This vulnerability allows remote attackers to manipulate the user interface by using a specially crafted HTML page. The issue arises from an inappropriate implementation in the browser's user interface handling.

Impact

Exploitation of this vulnerability allows web content to interfere with the browser's trusted user interface, potentially leading to user manipulation.

Reproduction

The vulnerability can be reproduced by opening the affected version of Google Chrome on an Android device, navigating to a crafted HTML page that exploits this vulnerability, and tapping on the page. This action triggers the text selection menu, which can overlap the URL bar, demonstrating the UI spoofing effect.

Remediation

Users can update to Google Chrome version 134.0.6998.35 or later to address this vulnerability.
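
To check a device or an inventory export against the fixed version, the following is an added example and not part of the original advisory. It assumes the version string is taken from the versionName line printed by `adb shell dumpsys package com.android.chrome`; the function names and the sample dump are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the advisory's author): classify a Chrome for
# Android build against the fixed version given under Remediation.
FIXED_VERSION="134.0.6998.35"

# Print the first versionName= value found on stdin (nothing if absent).
# Assumption: the first match is the installed, active package.
extract_version_name() {
  sed -n 's/^[[:space:]]*versionName=\([^[:space:]]*\).*$/\1/p' | head -n 1
}

# Succeed only for exactly four dot-separated decimal components.
is_dotted4() {
  case $1 in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ]
}

# version_ge A B: succeed when A >= B. Both must already pass is_dotted4.
# Components are compared as integers, so 134.0.6998.9 < 134.0.6998.35.
version_ge() {
  old_ifs=$IFS; IFS=.; set -- $1 $2; IFS=$old_ifs
  for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
    x=${pair%%:*}; y=${pair##*:}
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
  done
  return 0
}

# Print patched, vulnerable, or unknown (unparseable input).
classify_chrome() {
  if ! is_dotted4 "$1"; then echo unknown; return 0; fi
  if version_ge "$1" "$FIXED_VERSION"; then echo patched; else echo vulnerable; fi
}

# Constructed sample of the relevant dumpsys lines (not from a real device).
SAMPLE_DUMP='Packages:
  Package [com.android.chrome] (0000000):
    versionName=133.0.6000.100'

found=$(printf '%s\n' "$SAMPLE_DUMP" | extract_version_name)
printf 'com.android.chrome %s: %s\n' "$found" "$(classify_chrome "$found")"
```

An `unknown` result means the string was not four numeric components and should be reviewed by hand rather than treated as patched.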

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.