UI Spoofing Vulnerability in Google Chrome for Android
CVE-2025-5066

6.5MEDIUM

Key Information:

Vendor

Google

Status
Vendor
CVE Published:
27 May 2025

What is CVE-2025-5066?

A vulnerability in the Google Chrome application for Android allows a remote attacker to exploit UI components through specific user interactions. This could potentially mislead users by producing deceptive visual interfaces via a specially crafted HTML page. The flaw could be leveraged by attackers to manipulate user input and bypass interactions, posing significant risks if users are tricked into providing sensitive information.

Affected Version(s)

Chrome 137.0.7151.55

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.