Inappropriate Implementation in Navigations in Google Chrome Affects User Security
CVE-2025-3071

5.4MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 2 April 2025

Summary

A vulnerability in Google Chrome's handling of navigations prior to version 135.0.7049.52 allows remote attackers to exploit specific UI gestures. By enticing users to interact with a crafted HTML page, an attacker can bypass the same origin policy, leading to potentially unauthorized access to sensitive data or resources. It underscores the importance of keeping browser versions updated to mitigate security risks associated with user interface interactions.

Affected Version(s)

Chrome 135.0.7049.52

References

https://chromereleases.googleblog.com/2025/04/stable-chan...

https://issues.chromium.org/issues/40051596

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
Mar 31, 2025