CVE-2025-13102: 
Google Chrome vulnerability analysis and mitigation

Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. This vulnerability was assigned CVE-2025-13102 and was discovered on July 7, 2024, by security researcher Bharat (mrnoob). The issue affects Google Chrome on Android devices running versions before 134.0.6998.35 (Chrome Release Notes, NVD).

The vulnerability has been classified with CWE-451 (User Interface (UI) Misrepresentation of Critical Information). It received a CVSS v3.1 base score of 4.3 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L. The scoring indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction. The scope is unchanged, with no impact on confidentiality or integrity, but low impact on availability (Ubuntu, NVD).

The vulnerability allows remote attackers to perform UI spoofing through specially crafted HTML pages. While classified as Low severity by Chromium security team, the potential impact involves user interface manipulation that could lead to misrepresentation of critical information to users (NVD).

The vulnerability has been patched in Google Chrome version 134.0.6998.35 for Android. Users are advised to update their Chrome browsers to this version or later to mitigate the risk (Chrome Release Notes).