CVE-2025-13636
BaseFortify
Publication date: 2025-12-02
Last updated on: 2025-12-04
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 143.0.7499.40 (exc) | |
| chrome | to 143.0.7499.40 (exc) | |
| apple | macos | * |
| microsoft | windows | * |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-290 | This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an inappropriate implementation in the Split View feature of Google Chrome versions prior to 143.0.7499.41. It allows a remote attacker to perform UI spoofing by convincing a user to perform specific UI gestures on a crafted domain name, potentially misleading the user about the content or origin of the displayed information.
How can this vulnerability impact me? :
The vulnerability can impact you by enabling a remote attacker to spoof the user interface, potentially tricking you into believing you are interacting with a legitimate website when you are not. This could lead to phishing or other social engineering attacks, although the severity is considered low.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update Google Chrome to version 143.0.7499.41 or later, as the issue is fixed in that version.