Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Incorrect implementation of the security interface (Incorrect security UI) in the Split View component allows an attacker to display a false interface to the user using a specially crafted HTML page. This mechanism is consistent with CWE-451 class, which indicates misleading the user about the visual representation of content or security context. The attack requires no authentication, and user interaction is limited to visiting the crafted page.
An attacker can effectively spoof browser user interface elements, which may lead to credential theft or convincing the user to perform unwanted actions through false visual indicators.
Update Google Chrome to version 144.0.7559.59 or later. The update is available through the browser's built-in update mechanism or on the vendor's website according to references (chromereleases.googleblog.com).
Google Chrome versions prior to 144.0.7559.59 on Windows, Linux, and macOS platforms.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HApple macOS
OSApplewszystkie wersjeGoogle Chrome
APPGoogle< 144.0.7559.59< 144.0.7559.60Linux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersje
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach