CVE-2025-0443 - Vulnerability Details

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

References

Link	Providers
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html
https://issues.chromium.org/issues/376625003

History

Wed, 15 Jan 2025 11:15:00 +0000

Type	Values Removed	Values Added
Description		Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
References		https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html https://issues.chromium.org/issues/376625003

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2025-01-15T10:58:54.090Z

Updated: 2025-01-15T14:31:46.532Z

Reserved: 2025-01-13T22:09:21.087Z

Link: CVE-2025-0443

Vulnrichment

No data.

NVD

Status : Received

Published: 2025-01-15T11:15:10.483

Modified: 2025-01-15T11:15:10.483

Link: CVE-2025-0443

Redhat

No data.

Metrics

Affected Vendors & Products

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object