Chromium developers have closed a high‑severity upstream bug — tracked as CVE‑2025‑10201 — that the Chromium project describes as an “inappropriate implementation in Mojo” which could be abused, via a crafted HTML page, to bypass Chrome’s site‑isolation protections on Android, Linux and...
Google's Chromium team has fixed a medium-severity UI spoofing flaw—tracked as CVE-2025-9865—that existed in the browser's Toolbar implementation and could allow domain spoofing on Android when a user performed specific UI gestures on crafted pages.
Background
Chromium's September 2025 security...