Privilege Escalation Vulnerability in Google Chrome Extensions
CVE-2025-3070

6.5MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 2 April 2025

Summary

A vulnerability exists in Google Chrome Extensions prior to version 135.0.7049.52, due to insufficient validation of untrusted input. This allows remote attackers to escalate privileges by sending specially crafted HTML content, potentially compromising the user's security and privacy. It is crucial to update to the latest version to mitigate the risks associated with this type of attack.

Affected Version(s)

Chrome 135.0.7049.52

References

https://chromereleases.googleblog.com/2025/04/stable-chan...

https://issues.chromium.org/issues/40086360

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 2, 2025
Vulnerability Reserved
Mar 31, 2025