Authentication Bypass by Spoofing
CVE-2025-0446
Summary
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
- LOW
- NETWORK
- LOW
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
References
Advisory Timeline
- Published