CVE-2025-12729
📋 TL;DR
This vulnerability allows attackers to spoof UI elements in Chrome's address bar (Omnibox) on Android devices by tricking users into performing specific gestures on a malicious webpage. It affects Android users running Chrome versions before 142.0.7444.137. Attackers could potentially mislead users about website authenticity or security status.
💻 Affected Systems
- Google Chrome for Android
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Users could be tricked into entering sensitive information on fake login pages, approving malicious transactions, or bypassing security warnings due to convincing UI spoofing.
Likely Case
Attackers create convincing phishing pages that appear legitimate by manipulating the address bar display, potentially stealing credentials or tricking users into unwanted actions.
If Mitigated
With updated Chrome and user awareness training, impact is limited as users can verify URLs and avoid suspicious gestures on untrusted sites.
🎯 Exploit Status
Requires user interaction (specific gestures) and a crafted HTML page. No public exploit code has been disclosed as of the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 142.0.7444.137 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open the Google Play Store on the Android device.
2. Search for 'Chrome'.
3. If an update is available, tap 'Update'.
4. After the update completes, restart Chrome.
🔧 Temporary Workarounds
Disable JavaScript
(Android) Prevents the crafted HTML page from executing the malicious scripts that trigger the vulnerability.
chrome://settings/content/javascript > Toggle off
Use Desktop Mode
(Android) Switch Chrome to desktop mode, which may not be affected by the same UI implementation.
Tap menu > Desktop site
🧯 If You Can't Patch
- Educate users to avoid performing unusual gestures on unfamiliar websites and to verify URLs before entering sensitive information.
- Implement network filtering to block known malicious domains that may host exploit pages.
🔍 How to Verify
Check if Vulnerable:
Open Chrome on Android, go to Settings > About Chrome, check if version is below 142.0.7444.137.
Check Version:
chrome://version
Verify Fix Applied:
After updating, confirm Chrome version is 142.0.7444.137 or higher in Settings > About Chrome.
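The verification steps above are per-device. For a fleet, the same check is usually run against an exported inventory of installed package versions. The script below is an added example, not part of this advisory or of Chrome's tooling: it compares each device's Chrome versionName numerically against the fixed build 142.0.7444.137 from the advisory and lists the devices still vulnerable. The inventory format (`<device-id>,<package>,<versionName>`) and the sample rows are constructed assumptions; adapt the parser to whatever your MDM actually exports. The point worth noting is that the comparison must be numeric per component, since a plain string comparison sorts "99.0..." after "142.0..." and would mark an old build as patched.

```python
"""Flag Android devices whose Chrome build is older than the fixed version."""
from __future__ import annotations

from typing import Iterable

# Fixed build taken from the advisory above.
FIXED_VERSION = "142.0.7444.137"


def parse_version(version: str) -> tuple[int, ...]:
    """Split a dotted Chrome version into a tuple of ints.

    Comparing tuples of ints keeps the comparison numeric per component;
    comparing the raw strings would put '99.0.4844.88' after '142.0.7444.137'.
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected Chrome version format: {version!r}")
    return tuple(int(p) for p in parts)


def is_vulnerable(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is strictly older than the fixed build."""
    return parse_version(version) < parse_version(fixed)


# Constructed sample inventory (assumed CSV-style MDM export; not real data).
SAMPLE_INVENTORY = """\
device-001,com.android.chrome,142.0.7444.137
device-002,com.android.chrome,141.0.7390.122
device-003,com.android.chrome,99.0.4844.88
device-004,com.android.chrome,143.0.7500.10
device-005,com.android.chrome,not-installed
"""


def find_vulnerable_devices(
    inventory: Iterable[str], package: str = "com.android.chrome"
) -> tuple[dict[str, str], list[str]]:
    """Return ({device_id: version} for vulnerable devices, [device_ids with unparseable versions]).

    Rows for other packages are ignored; rows whose version field does not
    parse are reported separately so they are not silently treated as patched.
    """
    vulnerable: dict[str, str] = {}
    unparsed: list[str] = []
    for line in inventory:
        line = line.strip()
        if not line:
            continue
        device_id, pkg, version = (field.strip() for field in line.split(",", 2))
        if pkg != package:
            continue
        try:
            if is_vulnerable(version):
                vulnerable[device_id] = version
        except ValueError:
            unparsed.append(device_id)
    return vulnerable, unparsed


if __name__ == "__main__":
    vuln, bad = find_vulnerable_devices(SAMPLE_INVENTORY.splitlines())
    for dev, ver in sorted(vuln.items()):
        print(f"VULNERABLE {dev}: Chrome {ver} < {FIXED_VERSION}")
    for dev in bad:
        print(f"UNKNOWN    {dev}: version field could not be parsed")
```

Devices in the "unknown" list need a manual check via Settings > About Chrome or chrome://version rather than being assumed patched.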
📡 Detection & Monitoring
Log Indicators:
- Unusual user interaction patterns with Chrome on Android devices
- Access to domains with known phishing or malicious content
Network Indicators:
- HTTP requests to domains hosting crafted HTML pages with unusual parameters
- Increased traffic to newly registered or suspicious domains
SIEM Query:
source="chrome_android_logs" AND (event="unusual_gesture" OR url="*malicious-domain*" )