Google Chrome Custom Tabs Privilege Escalation Vulnerability on Android

Vulnerability

A privilege escalation vulnerability has been identified in Google Chrome's Custom Tabs feature on Android, affecting versions prior to 135.0.7049.52. The issue arises from an inappropriate implementation that allows remote attackers to exploit specific user interface gestures. By convincing a user to engage in these gestures, an attacker can escalate privileges through a crafted application. This vulnerability is classified as medium severity by Chromium security.

Impact

Exploitation of this vulnerability allows for local privilege escalation, enabling an application to bypass permission checks and manipulate user interactions with websites through clickjacking attacks. Such actions can be performed without the user's awareness, potentially leading to unauthorized access to sensitive data or functions, like camera or microphone permissions.

Reproduction

The vulnerability can be reproduced by creating an Android application that uses Chrome Custom Tabs. The app must set a custom animation that fades in slowly, making the tab nearly transparent. Once the tab is active but not visible, the application can simulate user interactions, such as clicking buttons on permission prompts or critical website actions, like completing a purchase.

Remediation

Users should update to Google Chrome version 135.0.7049.52 or later, where this vulnerability has been fixed.
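
A fleet check for this remediation, as an added example that is not part of the original advisory: it reads the output of `adb shell dumpsys package com.android.chrome` collected from each device and flags any Chrome below 135.0.7049.52. The package name (Chrome stable) and the `dumpsys` layout are assumptions of the example, and the sample outputs are constructed.

```python
import re

FIXED = (135, 0, 7049, 52)  # first fixed Chrome version, from the advisory

def parse_version(text):
    """Turn '135.0.7049.52' into a tuple of ints so comparison is numeric."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not a four-part Chrome version: {text!r}")
    return tuple(int(p) for p in m.groups())

def active_version(dumpsys_output):
    """Version of the Chrome copy actually in use, or None if absent.

    An updated preinstalled Chrome appears twice: the active copy under
    'Packages:' and the factory copy under 'Hidden system packages:'.
    """
    for line in dumpsys_output.splitlines():
        line = line.strip()
        if line.startswith("Hidden system packages:"):
            break  # everything after this is the superseded factory copy
        if line.startswith("versionName="):
            return parse_version(line.split("=", 1)[1])
    return None

def is_vulnerable(dumpsys_output):
    """True below the fixed version, False at or above it, None if no Chrome."""
    version = active_version(dumpsys_output)
    return None if version is None else version < FIXED

# Constructed sample outputs, trimmed to the lines the parser reads.
SAMPLES = {
    "device-a": "Packages:\n  Package [com.android.chrome] (1a2b3c):\n"
                "    versionName=135.0.7049.52\n"
                "Hidden system packages:\n  Package [com.android.chrome] (4d5e6f):\n"
                "    versionName=99.0.4844.88\n",
    # Sorts above 135.0.7049.52 as a string, below it as numbers.
    "device-b": "Packages:\n  Package [com.android.chrome] (7a8b9c):\n"
                "    versionName=135.0.7049.9\n",
    "device-c": "",  # Chrome not installed
}

def audit(samples):
    return {name: is_vulnerable(out) for name, out in samples.items()}

if __name__ == "__main__":
    for name, result in audit(SAMPLES).items():
        status = {True: "VULNERABLE", False: "fixed", None: "no Chrome"}[result]
        print(f"{name}: {status}")
```

Comparing the versions as tuples of integers matters here: a plain string comparison would rank 135.0.7049.9 and 99.0.4844.88 above the fixed build.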

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 5.0
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.