Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00036.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Google
  • Android
  • Chrome

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Google
  • Android
  • Chrome
Advisories
Source ID Title
Debian DSA Debian DSA DSA-6016-1 chromium security update
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html cve-icon cve-icon
https://issues.chromium.org/issues/438226517 cve-icon cve-icon
History

Fri, 07 Nov 2025 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Google
Google android
Google chrome
Vendors & Products Google
Google android
Google chrome

Thu, 06 Nov 2025 22:15:00 +0000

Type Values Removed Values Added
Description Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
References
cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published:

Updated: 2025-11-06T22:08:54.364Z

Reserved: 2025-09-30T21:50:12.541Z

Link: CVE-2025-11209

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2025-11-06T22:15:38.850

Modified: 2025-11-06T22:15:38.850

Link: CVE-2025-11209

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-11-07T10:53:50Z