Skip to main content

Authentication Bypass by Spoofing

CVE-2025-0446

Severity Medium
Score 4.3/10

Summary

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

  • LOW
  • NETWORK
  • LOW
  • UNCHANGED
  • REQUIRED
  • NONE
  • NONE
  • NONE

CWE-290 - Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Advisory Timeline

  • Published