CVE-2025-14373
📋 TL;DR
This vulnerability allows attackers to spoof website domains in the Chrome toolbar on Android devices, potentially tricking users into believing they're on legitimate sites. It affects Android users running Chrome versions before 143.0.7499.110.
💻 Affected Systems
- Google Chrome for Android
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Users could be tricked into entering sensitive information (passwords, financial data) on malicious sites that appear legitimate in the address bar.
Likely Case
Phishing attacks where users are deceived into visiting fake versions of legitimate websites due to toolbar display manipulation.
If Mitigated
Users who verify URLs carefully or use additional security measures would be less likely to fall victim, though the visual deception remains.
🎯 Exploit Status
Exploitation requires user interaction (visiting a crafted HTML page) but no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 143.0.7499.110 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html
Restart Required: Yes
Instructions:
1. Open Chrome on Android.
2. Go to Settings > About Chrome.
3. Chrome will automatically check for and install updates.
4. Restart Chrome if prompted.
🔧 Temporary Workarounds
Disable JavaScript (temporary)
Prevents the crafted HTML from executing the toolbar manipulation, though this breaks many websites.
Settings > Site settings > JavaScript > Block
Use alternative browser
Switch to a different browser until Chrome is updated.
🧯 If You Can't Patch
- Educate users to manually verify URLs by tapping the address bar to see the full URL before entering sensitive information.
- Implement network filtering to block known malicious domains that might host exploit pages.
🔍 How to Verify
Check if Vulnerable:
Check Chrome version: Open Chrome > Settings > About Chrome. If version is below 143.0.7499.110, the device is vulnerable.
Check Version:
Not applicable for Android GUI; use Settings > About Chrome.
Verify Fix Applied:
Confirm Chrome version is 143.0.7499.110 or higher after updating.
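The version check described above, as an added example that is not part of this advisory: a POSIX shell script that compares a Chrome for Android version string against the fixed build 143.0.7499.110 component by component (plain string comparison gets dotted versions wrong), and can optionally read the installed version from an attached device over adb. It assumes adb is installed and the device is authorized; com.android.chrome is Chrome's package name.

```shell
#!/bin/sh
# Added example, not from the advisory: decide whether an installed Chrome for
# Android build is below the fixed version named on this page.
PATCHED_VERSION="143.0.7499.110"

# version_lt A B -> exit 0 if A is numerically lower than B, component by component.
# A lexicographic comparison would be wrong here: "143.0.7499.9" sorts after
# "143.0.7499.110" as a string but is an older build.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; bi="${b%%.*}"
        # drop the consumed component; an exhausted string yields an empty component (treated as 0)
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        [ "${ai:-0}" -lt "${bi:-0}" ] && return 0
        [ "${ai:-0}" -gt "${bi:-0}" ] && return 1
    done
    return 1   # all components equal
}

# chrome_is_vulnerable VERSION -> exit 0 (and print "vulnerable") if VERSION < PATCHED_VERSION
chrome_is_vulnerable() {
    if version_lt "$1" "$PATCHED_VERSION"; then
        echo "vulnerable: $1 is below $PATCHED_VERSION"; return 0
    fi
    echo "patched: $1 is $PATCHED_VERSION or later"; return 1
}

# Read the installed Chrome version from a connected device (assumes adb on PATH and
# an authorized device). dumpsys prints the version as "versionName=<ver>".
installed_chrome_version() {
    adb shell dumpsys package com.android.chrome \
        | tr -d '\r' \
        | sed -n 's/^[[:space:]]*versionName=//p' \
        | head -n 1
}

# Usage: ./check_chrome.sh --device   (query an attached device)
#        ./check_chrome.sh 143.0.7499.109   (check a version string by hand)
case "${1:-}" in
    --device) chrome_is_vulnerable "$(installed_chrome_version)" ;;
    "")       ;;
    *)        chrome_is_vulnerable "$1" ;;
esac
```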
📡 Detection & Monitoring
Log Indicators:
- Unusual toolbar display anomalies reported by users
- Increased reports of phishing attempts
Network Indicators:
- Traffic to domains hosting crafted HTML pages with unusual toolbar manipulation scripts
SIEM Query:
Not typically applicable for client-side browser vulnerabilities on mobile devices.