CVE-2025-11210

CVSS 5.4 MEDIUM · EPSS 0.2% · CWE-1300

In short

A flaw in Google Chrome's Tab feature allows attackers to trick users through visual deception by manipulating browser UI elements when users interact with the page in specific ways. This could fool users into clicking on fake buttons or believing they're on a different website.

Technical detail

CWE-1300 side-channel information leakage in Chrome's Tab component (prior to 141.0.7390.54) permits UI spoofing attacks via crafted HTML pages when users perform specific gestures. The vulnerability requires user interaction and convincing social engineering, but enables attackers to deceive users about the true origin or content of displayed UI elements.

Summary generated and translated by AI from the official description.
Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected products
Google · Chrome
