Domain Spoofing Vulnerability in Google Chrome for Android
CVE-2025-9865

5.4 MEDIUM

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 3 September 2025

What is CVE-2025-9865?

A vulnerability in Google Chrome on Android prior to version 140.0.7339.80 can be exploited by remote attackers to perform domain spoofing. By convincing users to engage in certain UI gestures on a maliciously crafted HTML page, an attacker may impersonate trusted domains, potentially misleading users and compromising their security. This highlights the importance of keeping your browser updated and being cautious with UI interactions.

Affected Version(s)

Chrome prior to 140.0.7339.80

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
