Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*
- >= 131, < 134.0.6998.35
A vulnerability in Google Chrome for Android, in versions prior to 134.0.6998.35, allowed remote attackers to perform UI spoofing by manipulating the text selection magnifier. The attack relied on a crafted HTML page and on convincing the user to engage in specific UI gestures, such as selecting text. The issue arose because the magnifier could persist after navigating away from the attacker-controlled content, obscuring or spoofing browser UI or page content.
Exploitation of this vulnerability could obscure or spoof browser UI elements, such as the address bar or permission prompts, by keeping the text selection magnifier open over these areas. This could lead to confusion or misrepresentation of information to the user.
The vulnerability can be reproduced by navigating to a page that the attacker controls, opening the text selection magnifier by touching and holding a text handle, and then allowing a navigation to occur. The magnifier will remain open with content from the previous page, which can then obscure or spoof browser UI or page content.
Users should update to Google Chrome version 134.0.6998.35 or later, where this vulnerability has been fixed.
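To find devices that still need the update, the sketch below (an added example, not part of the original advisory) classifies Chrome for Android User-Agent strings against the affected range listed above. The sample strings and the function names are constructed for illustration; note that current Chrome reports a reduced version such as `134.0.0.0` in the User-Agent, so major version 134 cannot be resolved from that header alone.

```python
import re

# Affected range as listed on this page: >= 131, < 134.0.6998.35
RANGE_START_MAJOR = 131
FIXED = (134, 0, 6998, 35)

# Constructed sample User-Agent strings (not real traffic).
SAMPLE_UAS = [
    "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/133.0.0.0 Mobile Safari/537.36",
    "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/134.0.0.0 Mobile Safari/537.36",
    "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/134.0.6998.34 Mobile Safari/537.36",
    "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/134.0.6998.35 Mobile Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/133.0.0.0 Safari/537.36",
]

CHROME_RE = re.compile(r"Chrome/(\d+)\.(\d+)\.(\d+)\.(\d+)")


def classify(user_agent):
    """Return affected, fixed, unknown, below-listed-range or not-chrome-android.

    Assumption: other Chromium-based Android browsers also carry a Chrome/
    token; this sketch does not try to tell them apart.
    """
    match = CHROME_RE.search(user_agent)
    if not match or "Android" not in user_agent:
        return "not-chrome-android"
    version = tuple(int(part) for part in match.groups())
    major = version[0]
    if major < RANGE_START_MAJOR:
        return "below-listed-range"
    if version[1:] == (0, 0, 0):
        # Reduced User-Agent: only the major version is trustworthy.
        if major < FIXED[0]:
            return "affected"
        return "unknown" if major == FIXED[0] else "fixed"
    return "affected" if version < FIXED else "fixed"


def triage(user_agents):
    """Group User-Agent strings by classification label."""
    groups = {}
    for ua in user_agents:
        groups.setdefault(classify(ua), []).append(ua)
    return groups


if __name__ == "__main__":
    for label, uas in triage(SAMPLE_UAS).items():
        print(label, len(uas))
```

Devices that land in `unknown` need a full version from another source, such as device-management inventory or the `Sec-CH-UA-Full-Version-List` client hint.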