UI Spoofing Vulnerability in Google Chrome
CVE-2025-0448

4.3MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 15 January 2025

Summary

A vulnerability in Google Chrome prior to version 132.0.6834.83 allows remote attackers to manipulate user interface elements via specially crafted HTML pages. This exploitation can mislead users by creating false representations of legitimate content, potentially leading to unauthorized actions or data leakage. Awareness of this vulnerability is critical for maintaining secure browsing experiences.

Affected Version(s)

Chrome 132.0.6834.83

References

https://chromereleases.googleblog.com/2025/01/stable-chan...

https://issues.chromium.org/issues/377948403

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2025
Vulnerability Reserved
Jan 13, 2025