CVE-2025-12728
BaseFortify
Publication date: 2025-11-10
Last updated on: 2025-11-25
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 142.0.7444.137 (exc) | |
| android | * | |
| chrome | to 142.0.7444.134 (exc) | |
| linux | linux_kernel | * |
| microsoft | windows | * |
| chrome | to 142.0.7444.135 (exc) | |
| apple | macos | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-451 | The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an inappropriate implementation in the Omnibox component of Google Chrome on Android versions prior to 142.0.7444.137. It allows a remote attacker to perform UI spoofing by convincing a user to perform specific UI gestures on a crafted HTML page, potentially misleading the user about the interface they are interacting with.
How can this vulnerability impact me? :
The vulnerability can impact users by enabling attackers to spoof the user interface, potentially tricking users into believing they are interacting with a legitimate interface when they are not. This can lead to phishing attacks or other forms of social engineering.