PT-2025-3890 · Google+4 · Google Chrome+4

Alesandro Ortiz

Published

2025-02-04

Updated

2025-03-19

CVE-2025-0451

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 133.0.6943.53

Description The issue is related to an inappropriate implementation in the Extensions API, allowing a remote attacker to perform UI spoofing via a crafted Chrome Extension if the user is convinced to engage in specific UI gestures.

Recommendations For versions prior to 133.0.6943.53, update to version 133.0.6943.53 or later to resolve the issue.

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

ALT-PU-2025-2744

ALT-PU-2025-4366

BDU:2025-02318

CVE-2025-0451

DSA-5859-1

MGASA-2025-0091

OPENSUSE-SU-2025:0058-1

OPENSUSE-SU-2025:14742-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Red Os

PT-2025-3890 · Google+4 · Google Chrome+4

CVE-2025-0451

Weakness Enumeration

Related Identifiers

Affected Products

References · 37