Total
97 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38163 | 1 F-secure | 1 Safe | 2025-05-02 | N/A | 3.5 LOW |
| A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar. | |||||
| CVE-2025-0446 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |||||
| CVE-2025-3074 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-3073 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-3072 | 1 Google | 1 Chrome | 2025-04-21 | N/A | 5.4 MEDIUM |
| Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2025-0435 | 1 Google | 2 Android, Chrome | 2025-04-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-20530 | 1 Google | 1 Android | 2025-04-18 | N/A | 5.3 MEDIUM |
| In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-231585645 | |||||
| CVE-2022-26383 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| When resizing a popup after requesting fullscreen access, the popup would not display the fullscreen notification. This vulnerability affects Firefox < 98, Firefox ESR < 91.7, and Thunderbird < 91.7. | |||||
| CVE-2022-22762 | 2025-04-16 | N/A | 4.3 MEDIUM | ||
| Under certain circumstances, a JavaScript alert (or prompt) could have been shown while another website was displayed underneath it. This could have been abused to trick the user. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 97. | |||||
| CVE-2022-34479 | 2025-04-15 | N/A | 6.5 MEDIUM | ||
| A malicious website that could create a popup could have resized the popup to overlay the address bar with its own content, resulting in potential user confusion or spoofing attacks. <br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11. | |||||
| CVE-2022-45404 | 2025-04-15 | N/A | 6.5 MEDIUM | ||
| Through a series of popup and <code>window.print()</code> calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
| CVE-2025-0451 | 1 Google | 1 Chrome | 2025-04-08 | N/A | 6.3 MEDIUM |
| Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | |||||
| CVE-2025-30467 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-04-04 | N/A | 4.3 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2025-1922 | 1 Google | 2 Android, Chrome | 2025-04-01 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-2631 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-29 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-4950 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-03-28 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||||
| CVE-2024-54558 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-03-27 | N/A | 2.8 LOW |
| A clickjacking issue was addressed with improved out-of-process view handling. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An app may be able to trick a user into granting access to photos from the user's photo library. | |||||
| CVE-2023-0700 | 1 Google | 1 Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-0130 | 1 Google | 2 Android, Chrome | 2025-03-20 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2024-6610 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-03-18 | N/A | 4.3 MEDIUM |
| Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128. | |||||