Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
https://issues.chromium.org/issues/40942531
https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html