Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2025-12435
CVE-2025-12435:
vulnerability analysis and mitigation
Overview
CVE-2025-12435 is a security vulnerability identified as 'Incorrect security UI in Omnibox' affecting Google Chrome on Android prior to version 142.0.7444.59. The vulnerability was discovered by Hafiizh and reported on September 21, 2025 (Chrome Releases).
Technical details
The vulnerability has been classified as Medium severity, with a bounty reward of $3,000 being issued to the researcher. The issue specifically affects the Omnibox (address bar) component of Chrome, potentially allowing UI spoofing through crafted HTML pages (Debian Tracker, Chrome Releases).
Impact
The vulnerability could enable attackers to perform UI spoofing attacks via specially crafted HTML pages, potentially misleading users about the security status or identity of websites they visit (Debian Tracker).
Mitigation and workarounds
The vulnerability has been fixed in Chrome version 142.0.7444.59 and later. Users are advised to update their Chrome browsers to the latest version. For Debian systems, fixed versions are available in bookworm (142.0.7444.175-1~deb12u1) and trixie (142.0.7444.175-1~deb13u1) (Debian Tracker).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management