CVE-2025-3072: 
vulnerability analysis and mitigation

CVE-2025-3072 is a security vulnerability discovered in Google Chrome's Custom Tabs implementation. The vulnerability was reported on August 27, 2024, by Om Apip and was officially published on April 1, 2025. It affects Google Chrome versions prior to 135.0.7049.52. The vulnerability is classified as a UI spoofing issue that could be exploited when a user is convinced to perform specific UI gestures on a crafted HTML page (Chrome Release, NVD).

The vulnerability is categorized as CWE-451 (User Interface Misrepresentation of Critical Information). It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N. This indicates that the vulnerability requires user interaction, can be exploited remotely without privileges, and can lead to low-level impacts on confidentiality and integrity (NVD).

The vulnerability allows a remote attacker to perform UI spoofing attacks through a crafted HTML page, potentially misleading users about the interface they are interacting with. This could lead to users unknowingly performing actions or revealing information they did not intend to share (NVD).

The vulnerability has been fixed in Google Chrome version 135.0.7049.52 and later. Users are advised to update their Chrome browsers to the latest version to protect against this vulnerability. The fix was included in the stable channel update for Windows, Mac, and Linux platforms (Chrome Release).