Improper Protection of Physical Side Channels

CVE-2025-13992

Medium

4.7/10

Summary

Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: CHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-1300 - Improper Protection of Physical Side Channels

The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.

References

Advisory
Advisory

Advisory Timeline

Published Dec 03, 2025

Improper Protection of Physical Side Channels

CVE-2025-13992

Summary

CWE-1300 - Improper Protection of Physical Side Channels

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS