8.8 CVE-2025-3069

 

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
https://nvd.nist.gov/vuln/detail/CVE-2025-3069

Categories

CWE-358 : Improperly Implemented Security Check for Standard
The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique.
Browser does not verify Basic Constraints of a certificate, even though it is required, allowing spoofing of trusted certificates. Logic error prevents some required conditions from being enforced during Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5). Shared secret not verified in a RADIUS response packet, allowing authentication bypass by spoofing server replies. Insufficient verification in VoIP implementation, in violation of standard, allows spoofed messages. Security check not applied to all components, allowing bypass.

CPE

cpe start end
Configuration 1
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* < 135.0.7049.52


EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
No entry