CVE-2025-9865
📋 TL;DR
This vulnerability allows attackers to spoof website domains in Google Chrome on Android by tricking users into performing specific UI gestures on a malicious webpage. It affects Android users running Chrome versions before 140.0.7339.80. The attack requires user interaction and cannot be exploited without the user performing gestures on the attacker's page.
💻 Affected Systems
- Google Chrome for Android
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Users could be tricked into entering sensitive information into what appears to be a legitimate website but is actually controlled by an attacker, potentially leading to credential theft or financial fraud.
Likely Case
Attackers create convincing phishing pages that appear to be legitimate sites when users perform certain gestures, potentially harvesting login credentials or personal information.
If Mitigated
With user awareness training and timely browser updates, impact is minimal: trained users are more likely to recognize suspicious sites, and updated browsers are no longer affected.
🎯 Exploit Status
Exploitation requires convincing users to visit a malicious page and perform specific gestures. No authentication bypass or remote code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 140.0.7339.80 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html
Restart Required: No
Instructions:
1. Open the Google Play Store on the Android device.
2. Search for 'Chrome'.
3. If an update is available, tap 'Update'.
4. Alternatively, enable auto-updates in Play Store settings.
🔧 Temporary Workarounds
Disable JavaScript (Android)
Prevents the malicious page from executing the gesture-based attack code; this also breaks most modern websites, so it is only a short-term measure.
Setting: chrome://settings/content/javascript
Use Alternative Browser (Android)
Temporarily switch to a different browser until Chrome is updated.
🧯 If You Can't Patch
- Educate users about phishing risks and not to perform unusual gestures on unfamiliar websites
- Implement network filtering to block known malicious domains
🔍 How to Verify
Check if Vulnerable:
Open Chrome on Android, go to Settings > About Chrome, and check whether the version is below 140.0.7339.80.
Check Version:
chrome://version
Verify Fix Applied:
After updating, confirm in Settings > About Chrome that the version is 140.0.7339.80 or higher.
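For checking a whole fleet rather than one device, here is an added Python triage script (not part of this advisory): it parses the Chrome version out of User-Agent strings collected from proxy or MDM logs and compares it with the patched build as integers. The sample UA strings are constructed; reduced User-Agent strings (Chrome/140.0.0.0) carry only the major version, so devices reporting major 140 are marked for a manual chrome://version check.

```python
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Build that closes CVE-2025-9865 on Chrome for Android (taken from the advisory).
PATCHED = (140, 0, 7339, 80)
_CHROME_RE = re.compile(r"\bChrome/(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_chrome_version(ua: str) -> Optional[Tuple[int, int, int, int]]:
    """Four-part Chrome version from a User-Agent string, or None if absent."""
    m = _CHROME_RE.search(ua)
    return tuple(int(x) for x in m.groups()) if m else None

def assess(ua: str) -> str:
    """Return 'vulnerable', 'patched', 'unknown', 'out-of-scope' or 'not-chrome'.
    Versions are compared as integer tuples, not strings: as strings,
    "99.0.4844.51" sorts after "140.0.7339.80" and an old build would be missed."""
    ver = parse_chrome_version(ua)
    if ver is None:
        return "not-chrome"
    if "Android" not in ua:
        return "out-of-scope"  # the advisory covers Chrome for Android only
    major, minor, build, patch = ver
    if (minor, build, patch) == (0, 0, 0):
        # Reduced User-Agent: Chrome reports only the major (e.g. 140.0.0.0), so the
        # build is unreadable here. Major 140 may be on either side of the fix;
        # confirm on the device via chrome://version.
        if major < PATCHED[0]:
            return "vulnerable"
        return "patched" if major > PATCHED[0] else "unknown"
    return "vulnerable" if ver < PATCHED else "patched"

def triage(user_agents: List[str]) -> Dict[str, int]:
    """Tally verdicts over UA strings collected from proxy or MDM logs."""
    return dict(Counter(assess(ua) for ua in user_agents))

# Constructed sample UA strings for this example; they are not from real logs.
SAMPLE_UAS = [
    "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/139.0.7258.158 Mobile Safari/537.36",          # full version, below fix
    "Mozilla/5.0 (Linux; Android 13; SM-G991B) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/99.0.4844.51 Mobile Safari/537.36",            # the string-compare trap
    "Mozilla/5.0 (Linux; Android 15; K) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/140.0.0.0 Mobile Safari/537.36",               # reduced UA, ambiguous
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/139.0.7258.66 Safari/537.36",                  # desktop, out of scope
]

if __name__ == "__main__":
    print(triage(SAMPLE_UAS))  # {'vulnerable': 2, 'unknown': 1, 'out-of-scope': 1}
```

Other Chromium-based Android browsers also carry a Chrome/ token, so extend the scope check if your fleet includes them.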
📡 Detection & Monitoring
Log Indicators:
- Unusual user reports of suspicious website behavior
- Multiple failed login attempts from unexpected domains
Network Indicators:
- Traffic to domains with unusual certificate configurations
- Users accessing known phishing domains
SIEM Query:
source="chrome_logs" AND (event="security_warning" OR event="phishing_attempt")