Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
The bug consists of incorrect security UI display in Google Chrome running on Android. An attacker can construct a crafted HTML page which, when visited by a user, causes false content to be displayed in the URL address bar (Omnibox). The user then sees a different address than the one they are actually visiting, creating conditions for a phishing attack.
An attacker can deceive a user into believing they are on a trusted website (e.g., a bank or login service), while they are actually browsing a page controlled by the attacker — enabling credential harvesting or extraction of other sensitive information.
Update Google Chrome on Android to version 144.0.7559.59 or later. The update is available through Google Play Store and according to information published by the vendor at https://chromereleases.googleblog.com/2026/01/stable-channel-update-for-desktop_13.html
Google Chrome on Android in versions prior to 144.0.7559.59
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApple macOS
OSApplewszystkie wersjeGoogle Chrome
APPGoogle< 144.0.7559.59< 144.0.7559.60Linux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersje
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach