CVE-2025-0996 — Insufficient Visual Distinction of Homoglyphs Presented to User in Google Chrome

CWE-1007 — Insufficient Visual Distinction of Homoglyphs Presented to User7 documents7 sources

Severity

5.4MEDIUMNVD

EPSS

0.1%

top 74.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedFeb 15

Latest updateMar 12

Description

Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

▶CVEListV5google/chrome133.0.6943.98 — 133.0.6943.98

▶NVDgoogle/chrome< 133.0.6943.98

▶Debianchromium/chromium< 133.0.6943.98-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-wrgh-9j55-488p: Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133↗2025-02-15

▶

OSV

CVE-2025-0996: Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133↗2025-02-15

▶

CVEList

CVE-2025-0996: Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133↗2025-02-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0007 Chromium: Monthly Vulnerability Update (March 2025)↗2025-03-12

▶

Microsoft

Chromium: CVE -2025-0996 Inappropriate implementation in Browser UI↗2025-02-11

▶

Debian

CVE-2025-0996: chromium - Inappropriate implementation in Browser UI in Google Chrome on Android prior to ...↗2025

▶