What is the severity of CVE-2025-3067?

The severity of CVE-2025-3067 is classified as Medium.

How do I fix CVE-2025-3067?

To fix CVE-2025-3067, update Google Chrome on Android to version 135.0.7049.52 or later.

What type of vulnerability is CVE-2025-3067?

CVE-2025-3067 is a privilege escalation vulnerability due to inappropriate implementation in Custom Tabs in Google Chrome on Android.

Who is affected by CVE-2025-3067?

CVE-2025-3067 affects users of Google Chrome on Android versions prior to 135.0.7049.52.

What could an attacker achieve with CVE-2025-3067?

An attacker exploiting CVE-2025-3067 could perform privilege escalation by convincing a user to engage in specific UI gestures.

Vulnerability/
CVE-2025-3067

high

8.8

EPSS

0.091%

31/10/2024

2/4/2025

8/4/2025

CVE-2025-3067: Inappropriate implementation in Custom Tabs

First published: Thu Oct 31 2024(Updated: )

<p>This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see <a href="https://chromereleases.googleblog.com/2024">Google Chrome Releases</a> for more information.</p>

Credit: Philipp Beer (TU Wien) chrome-cve-admin@google.com

Affected Software	Affected Version	How to fix
Microsoft Edge Beta	<135.0.3179.54
Microsoft Edge		fix available externally
Google Chrome	<135.0.7049.52	135.0.7049.52
Google Chrome	<135.0.7049.52

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

3101134446259605279

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2025-3067?
The severity of CVE-2025-3067 is classified as Medium.
How do I fix CVE-2025-3067?
To fix CVE-2025-3067, update Google Chrome on Android to version 135.0.7049.52 or later.
What type of vulnerability is CVE-2025-3067?
CVE-2025-3067 is a privilege escalation vulnerability due to inappropriate implementation in Custom Tabs in Google Chrome on Android.
Who is affected by CVE-2025-3067?
CVE-2025-3067 affects users of Google Chrome on Android versions prior to 135.0.7049.52.
What could an attacker achieve with CVE-2025-3067?
An attacker exploiting CVE-2025-3067 could perform privilege escalation by convincing a user to engage in specific UI gestures.

agent/title
agent/type
agent/first-publish-date
agent/author
agent/severity
collector/msrc
source/Microsoft
agent/software-canonical-lookup
agent/references
agent/last-modified-date
agent/source
agent/description
agent/softwarecombine
collector/msrc-cve
agent/event
collector/chrome-releases
agent/tags
collector/mitre-cve
source/MITRE
collector/epss-latest
source/FIRST
agent/epss
collector/nvd-api
source/NVD
vendor/microsoft
canonical/microsoft edge beta
canonical/microsoft edge
vendor/google
canonical/google chrome

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.