CVE-2025-0440: 
vulnerability analysis and mitigation

CVE-2025-0440 is a security vulnerability discovered in Google Chrome's Fullscreen feature on Windows platforms prior to version 132.0.6834.83. The vulnerability was reported by Umar Farooq on July 22, 2023, and involves an inappropriate implementation in the Fullscreen functionality that could allow UI spoofing (Chrome Release).

The vulnerability stems from an inappropriate implementation in the Fullscreen feature when used in conjunction with navigator.share API. The issue allows a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N (NVD).

The vulnerability could allow attackers to perform UI spoofing attacks, potentially misleading users about the security state of their browser. The issue specifically affects the fullscreen notification visibility and escape key functionality, which could be exploited to create convincing phishing scenarios (PAN Advisory).

The vulnerability has been patched in Google Chrome version 132.0.6834.83 for Windows. Users are advised to update their Chrome browsers to this version or later to receive the security fix. The fix involves ensuring that fullscreen is exited prior to starting the Windows portion of the 'Share' flow (Chrome Release).