CVE-2025-14373 — UI Misrepresentation / Clickjacking in Google Chrome

CWE-1021 — UI Misrepresentation / Clickjacking8 documents8 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 84.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium

Timeline

PublishedDec 12

Description

Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶CVEListV5google/chrome143.0.7499.110 — 143.0.7499.110

▶NVDgoogle/chrome< 143.0.7499.109

▶Debianchromium/chromium< 143.0.7499.109-1~deb12u1+2

🔴Vulnerability Details

OSV

CVE-2025-14373: Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143↗2025-12-12

▶

CVEList

CVE-2025-14373: Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143↗2025-12-12

▶

GHSA

GHSA-xmjj-27j3-8w2g: Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143↗2025-12-12

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2025-14174↗2025-12-10

▶

Microsoft

Chromium: CVE-2025-14373 Inappropriate implementation in Toolbar↗2025-12-09

▶

Debian

CVE-2025-14373: chromium - Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-14373 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶