CVE-2025-7021 Information

Description

Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input (e.g. login credentials email addresses) via displaying a deceptive fullscreen interface with overlaid fake browser controls and a distracting element (like a cookie consent screen) to obscure fullscreen notifications tricking the user into interacting with the malicious site.

Reference

https://github.com/google/security-research/security/advisories/GHSA-mmgx-755h-wr74

Related CNNVD

CNNVD-202507-1547 (Published: 2025-07-10)