CVE-2025-13102
📋 TL;DR
This vulnerability allows attackers to spoof user interface elements in Google Chrome on Android by tricking users into visiting malicious web pages. It affects Android users running Chrome versions before 134.0.6998.35. The attack requires user interaction with a crafted webpage.
💻 Affected Systems
- Google Chrome
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Users could be tricked into providing sensitive information or granting permissions to malicious sites by interacting with spoofed UI elements that appear legitimate.
Likely Case
Attackers could create convincing phishing pages that mimic legitimate web app install interfaces, potentially leading to credential theft or unwanted app installations.
If Mitigated
With proper user education about verifying URLs and cautious browsing habits, the impact is minimal as it requires user interaction with malicious content.
🎯 Exploit Status
Exploitation requires user interaction with a malicious webpage but no authentication or special privileges.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 134.0.6998.35 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open the Google Play Store on the Android device.
2. Search for 'Google Chrome'.
3. If an update is available, tap 'Update'.
4. Restart Chrome after the update completes.
🔧 Temporary Workarounds
Disable Web App Install Prompts (Android)
Prevents Chrome from showing web app install interfaces that could be spoofed.
chrome://flags/#enable-desktop-pwas
Set to 'Disabled'
🧯 If You Can't Patch
- Educate users to verify URLs before interacting with web app install prompts
- Use alternative browsers until Chrome can be updated
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version in Settings > About Chrome. If the version is below 134.0.6998.35, the device is vulnerable.
Check Version:
chrome://version/
Verify Fix Applied:
Confirm Chrome version is 134.0.6998.35 or higher in Settings > About Chrome.
📡 Detection & Monitoring
Log Indicators:
- Unusual web app installation attempts from unfamiliar domains
- User reports of suspicious install prompts
Network Indicators:
- Traffic to domains hosting crafted HTML pages with spoofed UI elements
SIEM Query:
web.url CONTAINS 'install' AND web.url NOT IN (allowed_domains) AND user_agent CONTAINS 'Chrome/Android'
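To make the version comparison in "How to Verify" and the SIEM heuristic above concrete, here is an added Python example (not part of this advisory): it compares four-part Chrome versions numerically against the fix version, extracts the version from a Chrome-on-Android User-Agent, and applies the query's conditions to constructed log lines. The log format, the domain names, the allowlist and the 133.x version are constructed assumptions.

```python
"""Version check and log triage for CVE-2025-13102 (added example, not from the advisory)."""
import re

FIXED_VERSION = (134, 0, 6998, 35)   # patch version stated in the advisory

# Matches "Chrome/134.0.6998.35" inside a Chrome-on-Android User-Agent string
UA_RE = re.compile(r"Android.*Chrome/(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Return a 4-tuple of ints for a string like '134.0.6998.35', or None if malformed."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(x) for x in m.groups()) if m else None

def is_vulnerable_version(version):
    """Compare component-wise: a plain string compare would rank '134.0.6998.4' above '134.0.6998.35'."""
    v = parse_version(version)
    return v is not None and v < FIXED_VERSION

def chrome_android_version(user_agent):
    """Return the Chrome version from an Android User-Agent, or None for other browsers/platforms."""
    m = UA_RE.search(user_agent)
    return ".".join(m.groups()) if m else None

def flag_log_line(line, allowed_domains):
    """Apply the advisory's SIEM heuristic to one 'url<TAB>user_agent' line (assumed log format).
    Returns a short reason when the line deserves review, else None."""
    url, _, ua = line.partition("\t")
    ver = chrome_android_version(ua)
    if ver is None:
        return None                      # not Chrome on Android, out of scope
    host = re.sub(r"^https?://([^/]+).*$", r"\1", url)
    if "install" not in url.lower() or host in allowed_domains:
        return None                      # no install-related path, or an allowlisted origin
    status = "unpatched" if is_vulnerable_version(ver) else "patched"
    return f"{host}: install-related URL from {status} Chrome/Android {ver}"

# Constructed sample lines; hosts are placeholders, not real indicators
SAMPLE_LOG = [
    "https://apps.example.com/install\tMozilla/5.0 (Linux; Android 14) Chrome/134.0.6998.35 Mobile",
    "https://pwa-install.example.net/start?install=1\tMozilla/5.0 (Linux; Android 13) Chrome/133.0.6943.49 Mobile",
    "https://pwa-install.example.net/install\tMozilla/5.0 (Windows NT 10.0) Chrome/133.0.6943.49",
]
ALLOWED = {"apps.example.com"}   # constructed allowlist standing in for allowed_domains

def triage(lines=SAMPLE_LOG, allowed=ALLOWED):
    """Run the heuristic over every line and keep only the hits."""
    return [r for r in (flag_log_line(l, allowed) for l in lines) if r]

if __name__ == "__main__":
    for hit in triage():
        print(hit)
```

Only the second sample line is flagged: it is an install-related URL on a non-allowlisted host from a Chrome/Android build below the fix version; the first is allowlisted and the third is not Android.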