Google's Chromium team has fixed a medium-severity UI spoofing flaw—tracked as CVE-2025-9865—that existed in the browser's Toolbar implementation and could allow domain spoofing on Android when a user performed specific UI gestures on crafted pages.
Background
Chromium's September 2025 security...
CVE-2025-49736 — Microsoft Edge (Chromium) for Android: UI‑spoofing / “UI performs the wrong action” vulnerability
A deep-dive explainer, impact assessment, and practical mitigation checklist
Summary
Microsoft’s Security Update Guide lists CVE‑2025‑49736 as affecting Microsoft Edge...
Microsoft’s Security Response Center has published an advisory for CVE-2025-49755, a user‑interface (UI) misrepresentation — spoofing — vulnerability affecting Microsoft Edge (Chromium‑based) on Android devices, a flaw that allows a remote attacker to present misleading or falsified UI elements...