Protection Mechanism Failure

CVE-2025-9866

High

8.8/10

Summary

Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-693 - Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

References

Release Note

Advisory Timeline

Published Sep 03, 2025

Protection Mechanism Failure

CVE-2025-9866

Summary

CWE-693 - Protection Mechanism Failure

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS