CVE-2025-0440 — Authentication Bypass by Spoofing in Google Chrome

CWE-290 — Authentication Bypass by Spoofing8 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 76.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedJan 15

Latest updateFeb 12

Description

Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5google/chrome132.0.6834.83 — 132.0.6834.83

▶NVDgoogle/chrome< 132.0.6834.83

▶Debianchromium/chromium< 132.0.6834.83-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

CVEList

CVE-2025-0440: Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132↗2025-01-15

▶

OSV

CVE-2025-0440: Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132↗2025-01-15

▶

GHSA

GHSA-25v3-7r56-53xj: Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132↗2025-01-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)↗2025-02-12

▶

Microsoft

Chromium: CVE-2025-0440 Inappropriate implementation in Fullscreen↗2025-01-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2025-0440↗2025-01-14

▶

Debian

CVE-2025-0440: chromium - Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to ...↗2025

▶