CVE-2025-3074
📋 TL;DR
This vulnerability allows attackers to spoof download UI elements in Google Chrome, tricking users into believing malicious downloads are legitimate. It affects all Chrome users on desktop platforms who haven't updated to the patched version. Attackers can craft HTML pages that manipulate how download prompts appear.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Users download and execute malicious files believing they're legitimate software, leading to malware installation, data theft, or system compromise.
Likely Case
Users are tricked into downloading unwanted software, adware, or potentially unwanted programs (PUPs) through deceptive download prompts.
If Mitigated
Users notice inconsistencies in the UI or have security software that blocks suspicious downloads, preventing successful exploitation.
🎯 Exploit Status
Exploitation requires user interaction (clicking/downloading) and can be delivered via malicious websites or phishing emails.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 135.0.7049.52 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu → Help → About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' to restart Chrome with the update.
🔧 Temporary Workarounds
Disable automatic downloads
(all platforms) Configure Chrome to ask where to save each file before downloading
chrome://settings/downloads → Toggle 'Ask where to save each file before downloading' to ON
Enable enhanced security features
(all platforms) Use Chrome's built-in security features to warn about dangerous downloads
chrome://settings/security → Ensure 'Enhanced protection' or 'Standard protection' is enabled
🧯 If You Can't Patch
- Implement web filtering to block known malicious sites that could host exploit code
- Deploy endpoint protection that scans downloads for malware before execution
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version in Settings → About Chrome. If the version is below 135.0.7049.52, the system is vulnerable.
Check Version:
chrome://version/ (on Windows/macOS/Linux)
Verify Fix Applied:
After updating, verify Chrome version is 135.0.7049.52 or higher in Settings → About Chrome.
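For fleet-wide checks, comparing the version string programmatically is more reliable than reading About Chrome by hand. The script below is an added example, not part of this advisory: it parses a Chrome/Chromium version string (for example the output of `google-chrome --version` on Linux), pads shorter version tuples, and compares against the patched build named above. The binary names it probes for are common defaults and an assumption; the sample strings are constructed.

```python
"""Check whether a Chrome version string is at or above the patched build.

Added example (not from the advisory). PATCHED_VERSION comes from the advisory;
the binary names and sample version strings are assumptions/constructed.
"""
import re
import shutil
import subprocess

PATCHED_VERSION = "135.0.7049.52"  # fixed build named in the advisory


def parse_version(text):
    """Extract a dotted version from strings such as 'Google Chrome 135.0.7049.52'
    or 'Chromium 134.0.6998.165 snap'. Returns a tuple of ints, or None."""
    m = re.search(r"\b(\d+(?:\.\d+){1,3})\b", text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_patched(version_text, minimum=PATCHED_VERSION):
    """True if the parsed version is >= minimum.

    Shorter tuples are zero-padded, so '135.0.7049' is treated as
    '135.0.7049.0' and therefore still below the patched .52 build."""
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no version found in {version_text!r}")
    m = tuple(int(p) for p in minimum.split("."))
    width = max(len(v), len(m))
    v += (0,) * (width - len(v))
    m += (0,) * (width - len(m))
    return v >= m


def installed_chrome_version():
    """Ask a locally installed Chrome/Chromium binary for its version, if any.

    The binary names are common Linux defaults (an assumption), not values
    taken from the advisory; on Windows/macOS use chrome://version instead."""
    for exe in ("google-chrome", "google-chrome-stable", "chromium", "chromium-browser"):
        path = shutil.which(exe)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True, text=True, timeout=10)
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    current = installed_chrome_version()
    if current is None:
        print("no Chrome/Chromium binary found on PATH")
    else:
        status = "patched" if is_patched(current) else f"VULNERABLE (below {PATCHED_VERSION})"
        print(f"{current}: {status}")
```

`is_patched()` also accepts a bare version string, so the same function works on values collected from an inventory tool or the `chrome://version` page.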
📡 Detection & Monitoring
Log Indicators:
- Multiple download attempts from the same IP with unusual file types
- User reports of unexpected download prompts
Network Indicators:
- HTTP traffic to sites with unusual download patterns
- Increased download volume from suspicious domains
SIEM Query:
source="chrome" AND event="download" AND file_extension IN (exe, bat, ps1, vbs) AND user_interaction="prompted"
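The SIEM query above is written in a generic pseudo-syntax and has to be mapped onto whatever field names your download telemetry actually carries. As an added example (not part of this advisory), the script below applies the same four conditions to constructed JSON-lines events and then aggregates hits per source IP, which covers the "multiple download attempts from the same IP with unusual file types" indicator as well. The field names, the per-IP threshold and every sample log line are constructed for illustration.

```python
"""Run the advisory's detection logic over sample download events.

Added example, not part of the advisory. The event schema (source, event,
file_extension, user_interaction, src_ip, url), the IP threshold and all log
lines below are constructed; map the field names to your own telemetry.
"""
import json
from collections import Counter

RISKY_EXTENSIONS = {"exe", "bat", "ps1", "vbs"}  # from the advisory's SIEM query
IP_THRESHOLD = 3  # "multiple attempts from the same IP": tunable, an assumption

# Constructed sample telemetry, one JSON event per line.
SAMPLE_LOG = """\
{"source":"chrome","event":"download","file_extension":"pdf","user_interaction":"prompted","src_ip":"10.0.0.5","url":"https://intranet.example/report.pdf"}
{"source":"chrome","event":"download","file_extension":"exe","user_interaction":"prompted","src_ip":"10.0.0.9","url":"https://downloads.example.net/setup.exe"}
{"source":"chrome","event":"download","file_extension":"ps1","user_interaction":"prompted","src_ip":"10.0.0.9","url":"https://downloads.example.net/helper.ps1"}
{"source":"chrome","event":"download","file_extension":"bat","user_interaction":"prompted","src_ip":"10.0.0.9","url":"https://downloads.example.net/run.bat"}
{"source":"chrome","event":"download","file_extension":"exe","user_interaction":"automatic","src_ip":"10.0.0.7","url":"https://updates.example/agent.exe"}
{"source":"firefox","event":"download","file_extension":"exe","user_interaction":"prompted","src_ip":"10.0.0.8","url":"https://other.example/tool.exe"}
{"source":"chrome","event":"navigation","file_extension":"","user_interaction":"prompted","src_ip":"10.0.0.9","url":"https://downloads.example.net/"}
"""


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank or malformed lines rather than
    aborting the whole run on one bad record."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def matches_query(ev):
    """Python equivalent of the advisory's query:
    source="chrome" AND event="download" AND file_extension IN (exe, bat, ps1, vbs)
    AND user_interaction="prompted". The extension check is case-insensitive so
    an 'EXE' download is not missed."""
    return (
        ev.get("source") == "chrome"
        and ev.get("event") == "download"
        and str(ev.get("file_extension", "")).lower() in RISKY_EXTENSIONS
        and ev.get("user_interaction") == "prompted"
    )


def find_suspicious(text, ip_threshold=IP_THRESHOLD):
    """Return (hits, noisy_ips): the individual events matching the query, plus
    the source IPs whose hit count reaches ip_threshold."""
    hits = [ev for ev in parse_events(text) if matches_query(ev)]
    per_ip = Counter(ev.get("src_ip", "unknown") for ev in hits)
    noisy_ips = sorted(ip for ip, n in per_ip.items() if n >= ip_threshold)
    return hits, noisy_ips


if __name__ == "__main__":
    hits, noisy = find_suspicious(SAMPLE_LOG)
    for ev in hits:
        print(f"HIT {ev['src_ip']} {ev['url']}")
    print("IPs at or over threshold:", noisy)
```

On the sample data the automatic download, the non-Chrome event and the navigation event are correctly excluded, leaving three prompted script/executable downloads from one host, which is the pattern worth a closer look.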