CVE-2025-12446

4.2 MEDIUM

📋 TL;DR

This vulnerability allows attackers to spoof the browser UI in Google Chrome's SplitView feature by tricking users into performing specific gestures on a malicious website. Users of affected Chrome versions are at risk of being deceived by fake UI elements that could hide malicious actions. The attack requires user interaction with crafted domain names.

💻 Affected Systems

Products:
  • Google Chrome
  • Chromium-based browsers
Versions: Prior to 142.0.7444.59
Operating Systems: Windows, macOS, Linux, ChromeOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard Chrome installations are affected. The vulnerability is in the SplitView feature which is enabled by default.

📦 What is this software?

Chrome by Google

Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...


⚠️ Risk & Real-World Impact

🔴

Worst Case

User could be tricked into entering sensitive information into a spoofed UI element that appears legitimate, leading to credential theft or unintended actions.

🟠

Likely Case

Users might be deceived by fake browser UI elements that could hide malicious links or actions, potentially leading to phishing or social engineering attacks.

🟢

If Mitigated

With updated Chrome versions, the UI correctly displays security indicators, preventing spoofing attempts.

🌐 Internet-Facing: LOW
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires convincing users to perform specific UI gestures on a crafted website. No authentication is needed, but social engineering is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 142.0.7444.59 and later

Vendor Advisory: https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

Restart Required: Yes

Instructions:

1. Open Chrome settings (three dots menu)
2. Click 'About Chrome'
3. Chrome will automatically check for and install updates
4. Restart Chrome when prompted

🔧 Temporary Workarounds

Disable SplitView Feature

all

Temporarily disable the SplitView feature that contains the vulnerability

chrome://flags/#split-view
Set to 'Disabled'
Relaunch Chrome

🧯 If You Can't Patch

  • Use alternative browsers until Chrome can be updated
  • Educate users to avoid performing UI gestures on unfamiliar websites

🔍 How to Verify

Check if Vulnerable:

Check Chrome version in Settings > About Chrome. If version is below 142.0.7444.59, the system is vulnerable.

Check Version:

Open chrome://version/ in the Chrome address bar, or run 'google-chrome --version' from the command line.

Verify Fix Applied:

Confirm Chrome version is 142.0.7444.59 or higher in Settings > About Chrome.
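The version check above can be scripted for fleet-wide verification. The following is an added example, not part of this advisory or of Chrome itself: it parses the output of `google-chrome --version` (or any string in the same form), compares it numerically against the fixed version 142.0.7444.59, and reports whether the install is still affected. The sample output strings are constructed for illustration; the binary name `google-chrome` is an assumption and should be replaced with the full path on Windows or macOS.

```python
import re
import subprocess

# Fixed version from the vendor advisory.
FIXED_VERSION = "142.0.7444.59"


def parse_version(text):
    """Extract the dotted version from text such as 'Google Chrome 141.0.7390.65'
    and return it as a tuple of ints so it compares numerically, not lexically."""
    match = re.search(r"(\d+(?:\.\d+){1,3})", text)
    if not match:
        raise ValueError(f"no version string found in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed version.
    A shorter tuple (e.g. a 3-part version) compares as older, which is the
    conservative choice for a patch check."""
    return parse_version(version_text) < parse_version(fixed)


def installed_version_text(binary="google-chrome"):
    """Run '<binary> --version' as the advisory suggests; returns the output
    line, or None if the binary is missing or fails (assumed binary name)."""
    try:
        result = subprocess.run(
            [binary, "--version"], capture_output=True, text=True, check=True
        )
    except (FileNotFoundError, subprocess.CalledProcessError):
        return None
    return result.stdout.strip()


# Constructed sample outputs, not captured from real systems.
SAMPLE_OUTPUTS = [
    "Google Chrome 141.0.7390.65",   # older: vulnerable
    "Google Chrome 142.0.7444.59",   # exactly the fixed version
    "Chromium 143.0.7500.1",         # newer: fixed
]


def check_all(outputs=SAMPLE_OUTPUTS):
    """Return {output: vulnerable?} for a list of version strings."""
    return {text: is_vulnerable(text) for text in outputs}


if __name__ == "__main__":
    live = installed_version_text()
    if live is not None:
        print(f"{live}: {'VULNERABLE' if is_vulnerable(live) else 'fixed'}")
    for text, vuln in check_all().items():
        print(f"{text}: {'VULNERABLE' if vuln else 'fixed'}")
```

Comparing tuples of integers avoids the common mistake of comparing version strings lexically, where "142.0.7444.9" would wrongly sort below "142.0.7444.59".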

📡 Detection & Monitoring

Log Indicators:

  • Unusual user interaction patterns with SplitView
  • Multiple failed authentication attempts following SplitView usage

Network Indicators:

  • Traffic to domains with unusual naming patterns designed to exploit UI spoofing

SIEM Query:

source="chrome" AND event="security_ui_interaction" AND action="splitview_gesture"
