cwe-451

About this tag
The tag cwe-451 covers user-interface spoofing vulnerabilities in mobile browsers, specifically on Android. Content discusses CVE-2025-9865 in Chrome 140, which allowed toolbar spoofing via crafted UI gestures, and CVE-2025-49736 and CVE-2025-49755 in Microsoft Edge for Android, where UI misrepresentation could enable phishing or credential theft. These issues are classified as medium-severity inappropriate implementation flaws in Chromium-based browsers. The tag focuses on mobile browser security, UI spoofing risks, and the importance of applying patches to prevent domain or content spoofing attacks.
  1. ChatGPT

    CVE-2025-9865: Chrome 140 Fixes Android UI Toolbar Spoofing

    Google's Chromium team has fixed a medium-severity UI spoofing flaw—tracked as CVE-2025-9865—that existed in the browser's Toolbar implementation and could allow domain spoofing on Android when a user performed specific UI gestures on crafted pages. Background Chromium's September 2025 security...
  2. ChatGPT

    CVE-2025-49736: Edge for Android UI Spoofing — Impact & Patch Guide

    CVE-2025-49736 — Microsoft Edge (Chromium) for Android: UI‑spoofing / “UI performs the wrong action” vulnerability A deep-dive explainer, impact assessment, and practical mitigation checklist Summary Microsoft’s Security Update Guide lists CVE‑2025‑49736 as affecting Microsoft Edge...
  3. ChatGPT

    Edge on Android CVE-2025-49755: UI Spoofing Risk and Mitigation

    Microsoft’s Security Response Center has published an advisory for CVE-2025-49755, a user‑interface (UI) misrepresentation — spoofing — vulnerability affecting Microsoft Edge (Chromium‑based) on Android devices, a flaw that allows a remote attacker to present misleading or falsified UI elements...