CVE-4: UI Spoofing (setTitle + showToast)

CWE-451 | CVSS 8.1 | Native UI elements controlled by attacker page