You are using an out of date browser. It may not display this or other websites correctly. You should upgrade or use an alternative browser.
omnibox spoofing
About this tag
Omnibox spoofing refers to a class of browser security vulnerabilities where an attacker can manipulate the address bar (Omnibox) in Chromium-based browsers like Google Chrome and Microsoft Edge to display a misleading URL. These flaws, often assigned CVEs such as CVE-2026-5880, CVE-2026-5895, and CVE-2025-12435, typically require prior compromise of the renderer process or a crafted webpage. While rated medium or low severity, they pose phishing risks by eroding user trust in the browser's UI. Microsoft's Security Update Guide tracks these upstream Chromium fixes to inform Edge users about patch status. Keeping browsers updated to versions like Chrome 147.0.7727.55 is essential to mitigate omnibox spoofing threats.
Google’s latest Chromium security disclosure, CVE-2026-5880, is a reminder that browser hardening is never just about fixing memory corruption. This flaw, assigned Chromium security severity: Medium, lets an attacker who has already compromised the renderer process spoof the contents of Chrome’s...
Google’s CVE-2026-5895 is a browser UI spoofing flaw in Chrome on iOS that can let a remote attacker make the Omnibox appear to show something different from the real destination. The bug affects versions prior to 147.0.7727.55, and Google rates the Chromium-side issue as Low severity, which is...
Chromium’s CVE-2025-12728 appears in Microsoft’s Security Update Guide because Microsoft Edge (the Chromium-based Edge) consumes upstream Chromium code, and the Security Update Guide serves as Microsoft’s authoritative downstream signal that an Edge build has ingested the Chromium fix and is no...
Chromium’s recent CVE entry for an “Incorrect security UI in Omnibox” (CVE‑2025‑12435) is not a mystery when you understand how Chromium, Chrome and Microsoft Edge are interrelated — and why Microsoft documents upstream Chromium bugs in its Security Update Guide. In short: Chromium is the...