CVE-2025-0996

Feb. 19, 2025, 3:15 p.m.

5.4
Medium

Description

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

Product(s) Impacted

Product Versions
Google Chrome on Android
  • ['before 133.0.6943.98']

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1007
Insufficient Visual Distinction of Homoglyphs Presented to User
The product displays information or identifiers to a user, but the display mechanism does not make it easy for the user to distinguish between visually similar or identical glyphs (homoglyphs), which may cause the user to misinterpret a glyph and perform an unintended, insecure action.

References

https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html
https://issues.chromium.org/issues/391788835

Tags

chrome-cve-admin@google.com
2025-02-15
CVE-2025-0996
CWE-1007

CVSS Score

5.4 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: LOW
  • Integrity Impact: LOW
  • Availability Impact: NONE

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

    View Vector String

Timeline

Published: Feb. 15, 2025, 2:15 a.m.
Last Modified: Feb. 19, 2025, 3:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

chrome-cve-admin@google.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.