CVE-2025-13636
📋 TL;DR
This vulnerability in Google Chrome's Split View feature allows attackers to perform UI spoofing by tricking users into performing specific UI gestures while visiting a malicious website. Attackers can make malicious content appear as legitimate browser UI elements, potentially tricking users into revealing sensitive information. All Chrome users on affected versions are vulnerable.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Attackers could spoof browser UI elements like password prompts or security warnings, tricking users into entering credentials or sensitive information into attacker-controlled forms.
Likely Case
Attackers create convincing phishing pages that appear as legitimate browser UI, increasing success rates for credential theft or malware distribution.
If Mitigated
With proper user awareness training and browser security settings, users are less likely to fall for UI spoofing attempts, limiting impact to minor deception.
🎯 Exploit Status
Exploitation requires convincing users to perform specific UI gestures while on a malicious site, making social engineering a key component.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 143.0.7499.41 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome menu > Help > About Google Chrome.
2. Chrome will automatically check for updates and install if available.
3. Click 'Relaunch' when prompted to complete the update.
🔧 Temporary Workarounds
Disable Split View (all platforms)
Prevents exploitation by disabling the Split View feature entirely. Note that chrome://flags entries are experimental and may be renamed or removed between Chrome releases, so confirm the flag still exists on your version.
chrome://flags/#split-view
Set to 'Disabled'
Enable Enhanced Safe Browsing (all platforms)
Adds additional protection against malicious websites, including phishing pages that might host the spoofed UI.
chrome://settings/security
Enable 'Enhanced protection'
🧯 If You Can't Patch
- Use alternative browsers until Chrome can be updated
- Implement network filtering to block known malicious domains
🔍 How to Verify
Check if Vulnerable:
Check Chrome version via chrome://settings/help or 'About Google Chrome' in menu
Check Version:
Run google-chrome --version (Linux), or open chrome://version in the browser.
Verify Fix Applied:
Confirm Chrome version is 143.0.7499.41 or higher
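A scripted form of the version check above, added here as an example and not part of the original advisory. It assumes a Linux host where google-chrome --version prints a line such as "Google Chrome 143.0.7499.41"; the sample line embedded below is constructed so the script runs without Chrome installed.

```shell
#!/bin/sh
# Added example: compare an installed Chrome version against the fixed build
# for CVE-2025-13636. The fixed version comes from the advisory above.
PATCHED_VERSION="143.0.7499.41"

# version_cmp A B: prints -1, 0 or 1 for A < B, A == B, A > B.
# Fields are compared numerically, so 143.0.7499.41 > 143.0.7499.9,
# which a plain string comparison would get wrong.
version_cmp() {
  a="$1"; b="$2"; i=1
  while :; do
    fa=$(printf '%s\n' "$a" | cut -d. -f"$i")
    fb=$(printf '%s\n' "$b" | cut -d. -f"$i")
    if [ -z "$fa" ] && [ -z "$fb" ]; then printf '%s\n' 0; return; fi
    fa=${fa:-0}; fb=${fb:-0}   # a missing trailing field counts as 0
    if [ "$fa" -lt "$fb" ]; then printf '%s\n' -1; return; fi
    if [ "$fa" -gt "$fb" ]; then printf '%s\n' 1; return; fi
    i=$((i + 1))
  done
}

# chrome_is_patched "<output of google-chrome --version>"
# Exit status 0 if the version is 143.0.7499.41 or later, 1 if older,
# 2 if no four-part version number could be found in the input.
chrome_is_patched() {
  ver=$(printf '%s\n' "$1" | grep -oE '[0-9]+(\.[0-9]+){3}' | head -n 1)
  [ -n "$ver" ] || return 2
  [ "$(version_cmp "$ver" "$PATCHED_VERSION")" -ge 0 ]
}

# Constructed sample line (assumption) so the script runs offline.
# On a real Linux host replace it with: "$(google-chrome --version)"
SAMPLE="Google Chrome 142.0.7444.175"
if chrome_is_patched "$SAMPLE"; then
  echo "$SAMPLE: patched (>= $PATCHED_VERSION)"
else
  echo "$SAMPLE: not at fixed version, update to $PATCHED_VERSION or later"
fi
```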
📡 Detection & Monitoring
Log Indicators:
- Unusual user reports of suspicious browser UI elements
- Multiple failed authentication attempts from same user sessions
Network Indicators:
- Connections to newly registered or suspicious domains with high entropy names
SIEM Query (illustrative; assumes your environment already ships browser telemetry into a source named chrome_audit_logs with these field names, since the spoofing happens client-side and leaves no server-side trace by itself):
source="chrome_audit_logs" AND event="ui_interaction" AND action="split_view_gesture" AND destination_domain="*suspicious*"