Inappropriate Implementation in Extensions of Google Chrome Affects User Security
CVE-2025-9866

8.8 HIGH

Key Information:

Vendor

Google

Status
Vendor
CVE Published: 3 September 2025

What is CVE-2025-9866?

A vulnerability in Google Chrome's handling of extensions in versions prior to 140.0.7339.80 may allow a remote attacker to bypass the content security policy by means of a specially crafted HTML page. Exploiting the flaw undermines the intended protections of web extensions and can expose users to various security risks. Users and administrators are advised to upgrade to the latest version to mitigate any potential threats.

Affected Version(s)

Chrome prior to 140.0.7339.80

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
