PT-2025-16919 · Google · Google Chrome
Published: 2025-04-16 · Updated: 2025-05-06 · CVE-2025-1566
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Google ChromeOS version 129.0.6668.36
Description
The issue exposes plaintext DNS queries to network observers because DNS traffic is not properly tunneled during VPN state transitions. It occurs in the Native System VPN in Google ChromeOS Dev Channel.
Recommendations
For Google ChromeOS version 129.0.6668.36, consider disabling the Native System VPN until a patch is available to prevent exposure of plaintext DNS queries. Restrict access to sensitive information and networks to minimize the risk of exploitation.
Fix
Related Identifiers
Affected Products
Google Chrome