CVE-2025-25303

Name of the Vulnerable Software and Affected Versions MouseTooltipTranslator Chrome extension (affected versions not specified)

Description The MouseTooltipTranslator Chrome extension is susceptible to Server-Side Request Forgery (SSRF) attacks. This occurs because the pdf.mjs script utilizes the URL parameter from the current URL to download and display a file to the extension user. Since pdf.mjs is imported in viewer.html and viewer.html is accessible from all URLs, an attacker can manipulate the user's browser into making a request to any arbitrary URL. There have been discussions with the maintainer regarding this issue, and it was decided not to patch it as it would require disabling a major feature of the extension in exchange for mitigating a low-severity issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.