Cybersecurity Vulnerabilities

CVE-2025-13636: Split View UI Spoofing Vulnerability in Google Chrome

December 2, 2025 - By 

Overview

CVE-2025-13636 is a low-severity security vulnerability affecting Google Chrome versions prior to 143.0.7499.41. This vulnerability resides within the Split View feature and allows a remote attacker to perform UI spoofing. An attacker could potentially trick a user into interacting with a malicious website disguised as a legitimate one by manipulating the user interface within the Split View.

Technical Details

The vulnerability is due to an inappropriate implementation of how domain names are handled and displayed within the Split View feature of Chrome. An attacker can exploit this by convincing a user to perform specific UI gestures (e.g., clicking or dragging within Split View) while visiting a crafted domain. This interaction enables the attacker to manipulate the displayed URL or other UI elements, leading the user to believe they are interacting with a trusted domain when they are not. The vulnerability occurs because the split view does not properly sanitize or validate the domain being displayed in the split view component after user gestures.

CVSS Analysis

Due to the nature of the vulnerability and the requirement for user interaction, a CVSS score was not calculated. The severity is rated as Low by Chromium security.

Possible Impact

While the severity is low, the potential impact of this vulnerability should not be dismissed. A successful exploit could lead to:

  • Phishing Attacks: Users might be tricked into entering credentials on a fake login page.
  • Malware Distribution: Users might unknowingly download and execute malicious files believing they are from a trusted source.
  • Data Theft: Sensitive information could be stolen if users are misled into interacting with malicious forms.

The effectiveness of this exploit relies heavily on social engineering, making user awareness crucial.

Mitigation and Patch Steps

The vulnerability has been addressed in Google Chrome version 143.0.7499.41. Users are strongly advised to update their Chrome browser to the latest version as soon as possible. To update Chrome:

  1. Click on the three dots (Menu) in the top-right corner of Chrome.
  2. Go to Help -> About Google Chrome.
  3. Chrome will automatically check for updates and install them.
  4. Restart Chrome to complete the update process.

Additionally, be vigilant about the websites you visit and the information you enter, especially when using the Split View feature.

References

Chrome Releases Blog – Stable Channel Update for Desktop
Chromium Bug Tracker – Issue 446181124

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *