CVE-2025-11209: 
vulnerability analysis and mitigation

A medium severity vulnerability (CVE-2025-11209) was identified in the Omnibox (URL bar) implementation of Google Chrome on Android versions prior to 141.0.7390.54. The vulnerability was discovered by a researcher named Hafiizh and reported on August 13, 2025 (Chrome Release).

The vulnerability is classified as an inappropriate implementation in the Omnibox component of Chrome, which could allow URL spoofing attacks. The issue was assigned a medium severity rating by the Chromium security team and received a bounty reward of $3,000, indicating its moderate impact level (Chrome Release).

The vulnerability could enable a remote attacker to spoof the contents of the Omnibox (URL bar) through a specially crafted HTML page, potentially leading to phishing attacks by deceiving users about the website they are visiting (Debian Tracker).

The vulnerability has been patched in Chrome version 141.0.7390.54. Users are advised to update their Chrome installations to this version or later. The fix has also been incorporated into various distributions, including Debian bookworm (141.0.7390.54-1~deb12u1) and trixie (141.0.7390.54-1~deb13u1) (Debian Security).