DNS Leak Vulnerability in Google ChromeOS VPN
CVE-2025-1566

7.5HIGH

Key Information:

Vendor: Google
Status: Chromeos
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-1566?

A DNS leak vulnerability has been identified in the Native System VPN of Google ChromeOS. This issue affects the transition of DNS traffic during VPN changes, potentially allowing network observers to intercept plaintext DNS queries. Users may unknowingly expose their browsing activity, leading to privacy concerns. This vulnerability highlights the need for securing DNS traffic in VPN environments to maintain user confidentiality.

Affected Version(s)

ChromeOS 16002.23.0

References

https://issuetracker.google.com/issues/342802975

https://issues.chromium.org/issues/b/342802975

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025
Vulnerability Reserved
Feb 21, 2025