CVE-2025-13102 is a vulnerability identified in Google Chrome on Android platforms, specifically affecting versions prior to 134.0.6998.35. The flaw arises from an inappropriate implementation in the WebApp Installs feature, which is responsible for managing the installation of web applications onto the Android device. This vulnerability allows a remote attacker to craft malicious HTML pages that can perform UI spoofing attacks. UI spoofing involves deceiving the user by presenting fake or misleading user interface elements, potentially tricking them into performing unintended actions or divulging sensitive information. The vulnerability is classified under CWE-451, which relates to improper implementation leading to UI spoofing. According to the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L), the attack can be executed remotely over the network without any privileges or authentication, but requires user interaction to trigger the spoofing. The impact is limited to availability, as the attacker can disrupt user experience or cause confusion, but does not directly compromise confidentiality or integrity of data. No known exploits have been reported in the wild, and Google has addressed this issue in Chrome version 134.0.6998.35. The vulnerability's medium severity rating (CVSS score 4.3) reflects its moderate risk profile, primarily due to the requirement for user interaction and the limited scope of impact.

For European organizations, this vulnerability poses a moderate risk primarily through social engineering and phishing attacks that exploit UI spoofing to deceive users. While it does not allow direct data theft or system compromise, attackers could use the spoofed UI to trick employees into installing malicious web apps, disclosing credentials, or performing unintended actions that could lead to further compromise. The impact on availability is minimal but could disrupt user trust and workflow. Organizations with a large mobile workforce relying on Android devices and Chrome browsers are more susceptible. Additionally, sectors handling sensitive information such as finance, healthcare, and government could face increased risks if attackers leverage this vulnerability as an initial access vector. The absence of known exploits reduces immediate threat but does not eliminate future risk, especially as attackers often develop exploits post-disclosure.

European organizations should prioritize updating all Android devices to Google Chrome version 134.0.6998.35 or later to eliminate this vulnerability. Implement mobile device management (MDM) solutions to enforce timely browser updates and restrict installation of unapproved web apps. Educate users about the risks of interacting with unexpected web app install prompts and train them to recognize suspicious UI elements. Employ network security controls such as web filtering and DNS filtering to block access to known malicious sites that could host crafted HTML pages exploiting this flaw. Conduct regular phishing simulation exercises to enhance user awareness. Additionally, monitor for unusual web app installation activities and investigate any anomalies promptly. Organizations should also review and tighten permissions related to web app installations on managed devices to reduce attack surface.