Google Chrome UI Spoofing Vulnerability in Downloads Component

A UI spoofing vulnerability has been identified in the Downloads feature of Google Chrome, in versions prior to 135.0.7049.52. This vulnerability allows remote attackers to bypass security restrictions and create fake origins in the Download UI, potentially misleading users about the source of downloaded files.

Impact

Exploitation of this vulnerability can lead to UI spoofing, where a malicious actor can create a deceptive appearance in the Download interface, such as falsifying the origin of a downloaded file.

Reproduction

To reproduce this vulnerability, create an HTML file that includes a download link with a filename designed to bypass Chrome's security UI restrictions. The link should use characters that can circumvent the default blocking of '://' in filenames. Once the spoofing HTML page is prepared, open it in an affected version of Google Chrome. Download the file, and observe that the security UI's blacklist is bypassed, allowing the attacker to create a fake origin in the Download UI.

Remediation

Users can update to Google Chrome version 135.0.7049.52 or later, where this vulnerability has been fixed.