Medium severity4.3NVD Advisory· Published Aug 7, 2025· Updated Jun 17, 2026
CVE-2025-8577
CVE-2025-8577
Description
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Affected products
3Patches
Vulnerability mechanics
References
2- chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.htmlnvdRelease NotesVendor Advisory
- issues.chromium.org/issues/384050903nvdIssue TrackingPermissions Required
News mentions
0No linked articles in our index yet.