Inappropriate Implementation in Navigations in Google Chrome Affects User Security
CVE-2025-3071

5.4MEDIUM

Key Information:

Vendor
Google
Status
Vendor
CVE Published:
2 April 2025

Summary

A vulnerability in Google Chrome's handling of navigations prior to version 135.0.7049.52 allows remote attackers to exploit specific UI gestures. By enticing users to interact with a crafted HTML page, an attacker can bypass the same origin policy, leading to potentially unauthorized access to sensitive data or resources. It underscores the importance of keeping browser versions updated to mitigate security risks associated with user interface interactions.

Affected Version(s)

Chrome 135.0.7049.52

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.