UI Spoofing Vulnerability in Google Chrome on Windows
CVE-2025-0440

6.5MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 15 January 2025

Summary

A vulnerability in Google Chrome for Windows prior to version 132.0.6834.83 allows remote attackers to deceive users through UI spoofing via a crafted HTML page. This can lead to users being misled into inputting sensitive information, thus compromising security and privacy. The inappropriate implementation of the Fullscreen feature is the root cause of this issue, making users susceptible to potential phishing attacks.

Affected Version(s)

Chrome 132.0.6834.83

References

https://chromereleases.googleblog.com/2025/01/stable-chan...

https://issues.chromium.org/issues/40067914

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 13, 2025