CVE-2025-11209

8.2 HIGH

📋 TL;DR

A flaw in the Omnibox (URL bar) of Google Chrome on Android before 141.0.7390.54 lets a remote attacker spoof the address shown to the user by luring them to a crafted HTML page. On a phone the displayed URL is the only origin signal most users have, so a phishing page that controls it can pass for a bank or login portal while the real origin remains attacker-controlled.

💻 Affected Systems

Products:
  • Google Chrome for Android
Versions: All versions prior to 141.0.7390.54
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Chrome on Android, not desktop versions. Requires user interaction (visiting malicious page).

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴

Worst Case

Users could be tricked into entering sensitive information (passwords, credit cards) on phishing sites that appear to be legitimate banking or login pages.

🟠

Likely Case

Users might be redirected to phishing sites that appear legitimate, leading to credential theft or malware installation.

🟢

If Mitigated

With user awareness training and multi-factor authentication the impact drops to a failed phishing attempt. Phishing-resistant MFA (passkeys/FIDO2) is the stronger control here: the credential is bound to the real origin, so a spoofed URL bar cannot coax the authenticator into signing for the attacker's site, whereas OTP codes typed into a convincing fake page can still be relayed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation only requires the victim to open a crafted HTML page in Chrome for Android (a link in a message, an ad, or a compromised site). No authentication or prior foothold is needed; the flaw affects what the browser displays, not what the server sends, so TLS and certificate validation are not bypassed and do not help the user spot the spoof.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 141.0.7390.54

Vendor Advisory: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html

Restart Required: Yes

Instructions:

1. Open the Google Play Store
2. Search for 'Chrome'
3. Tap 'Update' if available
4. Restart Chrome after the update (close it fully from the recent-apps view, then reopen)

🔧 Temporary Workarounds

Use alternative browser

android

Temporarily use a different browser until Chrome is updated. The advisory does not say whether other Chromium-based Android browsers share the affected Omnibox code, so check their vendors' patch status rather than assuming they are unaffected.

Disable JavaScript

android

Disable JavaScript in Chrome settings (Settings > Site settings > JavaScript). The advisory does not state whether JavaScript is required to trigger the spoof, so treat this as attack-surface reduction rather than a confirmed block, and expect most modern sites to break while it is off.

🧯 If You Can't Patch

  • Educate users to verify the site by opening it from a bookmark or by typing the address themselves rather than trusting a link, since the URL bar itself is what the attacker controls here
  • Implement web filtering to block known malicious sites and newly registered lookalike domains
  • Prefer phishing-resistant authentication (passkeys/FIDO2) for high-value accounts, so a credential entered on a spoofed page has no value to the attacker

🔍 How to Verify

Check if Vulnerable:

Open Chrome on Android, go to Settings > About Chrome, check if version is below 141.0.7390.54

Check Version:

chrome://version/ in Chrome address bar

Verify Fix Applied:

Confirm Chrome version is 141.0.7390.54 or higher in Settings > About Chrome
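For a fleet of managed devices, checking each phone by hand does not scale. The following added example (not from the advisory) parses the `versionName=` line from `adb shell dumpsys package com.android.chrome` output and compares it numerically against the fixed build. The dumpsys text below is constructed sample input, not real device output; the fixed version and package name are taken from the advisory and the Chrome app itself. It also shows why a plain string comparison is wrong for four-part Chrome versions.

```python
"""Added example, not part of the advisory: decide whether an installed
Chrome for Android build is below the fixed version using numeric comparison."""
import re

FIXED = "141.0.7390.54"  # fixed build from the advisory


def parse_version(v):
    """'141.0.7390.54' -> (141, 0, 7390, 54).

    Chrome versions have four numeric components, so a tuple compare gives the
    right order. A plain string compare does not: '99.0.4844.88' sorts after
    '141.0.7390.54' lexically because '9' > '1'.
    """
    return tuple(int(p) for p in v.strip().split("."))


def is_vulnerable(installed, fixed=FIXED):
    """True when the installed build is older than the fixed build."""
    return parse_version(installed) < parse_version(fixed)


def version_from_dumpsys(text):
    """Pull the versionName out of dumpsys package output; None if absent."""
    m = re.search(r"versionName=(\d+(?:\.\d+){3})", text)
    return m.group(1) if m else None


def check_device(dumpsys_text):
    """Return (version, vulnerable); vulnerable is None when no version found."""
    v = version_from_dumpsys(dumpsys_text)
    if v is None:
        return None, None
    return v, is_vulnerable(v)


# Constructed sample of the relevant dumpsys lines (not real device output).
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.android.chrome] (1a2b3c4):
    userId=10123
    versionName=140.0.7339.124
"""

if __name__ == "__main__":
    # Real usage: subprocess.run(["adb", "shell", "dumpsys", "package",
    #                             "com.android.chrome"], capture_output=True, text=True).stdout
    version, vuln = check_device(SAMPLE_DUMPSYS)
    print(f"installed {version}: {'VULNERABLE' if vuln else 'patched'}")
```

Feed the real `adb shell dumpsys package com.android.chrome` output to `check_device` per device; anything reporting `True` needs the Play Store update above.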

📡 Detection & Monitoring

The spoof is rendered on the device; proxy, DNS and web-server logs still record the real (attacker) destination, so detection works on the true URL, not the one the user saw.

Log Indicators:

  • Proxy or DNS requests to lookalike or newly registered domains that embed the name of a site users log in to, followed by a POST to that domain
  • Logins to your identity provider from unfamiliar IPs or devices shortly after such a visit, and bursts of failed logins from one IP replaying harvested credentials

Network Indicators:

  • Traffic to hosts whose certificate subject does not match the brand the hostname imitates
  • Redirects to URLs with userinfo before "@", percent-encoded control characters (for example %00), punycode (xn--) labels or unusual length

SIEM Query (pseudo-syntax; translate to your platform):

source="web_proxy" AND (url CONTAINS "@" OR url CONTAINS "%00" OR LENGTH(url) > 200)

Restrict the "@" test to the authority part of the URL, otherwise mailto: links and query strings will swamp the result.
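The query above is only a sketch. The following added example (written for this page, not part of the advisory or any SIEM product) runs the same checks over constructed proxy-log lines: userinfo before "@", percent-encoded control characters, punycode hosts, over-long URLs, and hostnames that contain a protected brand name but are not that brand's registered domain. The log format, the brand list and the domains are all assumed; the `registrable()` helper is a deliberately crude last-two-labels approximation of eTLD+1.

```python
"""Added example, not part of the advisory: scan constructed proxy-log lines
for the URL shapes the indicators above describe."""
import re
from urllib.parse import urlsplit

# Assumed (hypothetical) brand -> registrable domains users legitimately visit.
PROTECTED = {
    "examplebank": {"examplebank.com"},
}

MAX_URL_LEN = 200
# %00-%1f and %7f: percent-encoded ASCII control characters.
CONTROL_ENCODED = re.compile(r"%(?:[01][0-9a-f]|7f)", re.IGNORECASE)


def registrable(host):
    """Crude eTLD+1 (last two labels). A real deployment should use the
    public suffix list; this is enough for the constructed sample."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def inspect_url(url):
    """Return the indicator names that fire for one URL, in a fixed order."""
    hits = []
    try:
        parts = urlsplit(url)
    except ValueError:
        return ["unparseable_url"]
    if len(url) > MAX_URL_LEN:
        hits.append("long_url")
    # userinfo before '@' is the classic https://bank.example@evil.example/ trick
    if parts.username is not None:
        hits.append("userinfo_at")
    if CONTROL_ENCODED.search(url):
        hits.append("encoded_control_char")
    host = parts.hostname or ""
    if any(label.startswith("xn--") for label in host.split(".")):
        hits.append("punycode_host")
    # Brand name anywhere in the authority (userinfo, host), but not the brand's domain.
    authority = parts.netloc.lower().replace("-", "")
    reg = registrable(host)
    for brand, legit in PROTECTED.items():
        if brand in authority and reg not in legit:
            hits.append(f"lookalike:{brand}")
    return hits


def scan_proxy_log(text):
    """Assumed line format: '<timestamp> <client_ip> <method> <url> <status>'.
    Returns [(url, hits)] for lines that fire at least one indicator."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        url = fields[3]
        hits = inspect_url(url)
        if hits:
            findings.append((url, hits))
    return findings


# Constructed sample log; domains and IPs are documentation/example values.
SAMPLE_LOG = "\n".join([
    "2025-10-01T09:12:01Z 10.0.0.5 GET https://examplebank.com/login 200",
    "2025-10-01T09:12:07Z 10.0.0.5 GET https://examplebank.com@203.0.113.9/login 200",
    "2025-10-01T09:13:44Z 10.0.0.7 GET https://xn--examplebnk-7za.com/login 200",
    "2025-10-01T09:14:02Z 10.0.0.7 POST https://examplebank-secure-login.example/submit 302",
    "2025-10-01T09:15:30Z 10.0.0.9 GET https://example.org/%00/login 404",
    "2025-10-01T09:16:12Z 10.0.0.9 GET https://cdn.example/asset.js?v=" + "a" * 220 + " 200",
])

if __name__ == "__main__":
    for url, hits in scan_proxy_log(SAMPLE_LOG):
        print(", ".join(hits).ljust(36), url[:80])
```

The legitimate `https://examplebank.com/login` line produces no finding; the other five each trip at least one indicator. The lookalike check matches on the whole authority so that the userinfo trick is caught twice (once as `userinfo_at`, once as a brand lookalike), which is the line an analyst should look at first.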
