Privilege Escalation Vulnerability in Google Chrome Extensions
CVE-2025-3070

6.5MEDIUM

Key Information:

Vendor
Google
Status
Vendor
CVE Published:
2 April 2025

Summary

A vulnerability exists in Google Chrome Extensions prior to version 135.0.7049.52, due to insufficient validation of untrusted input. This allows remote attackers to escalate privileges by sending specially crafted HTML content, potentially compromising the user's security and privacy. It is crucial to update to the latest version to mitigate the risks associated with this type of attack.

Affected Version(s)

Chrome 135.0.7049.52

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.