PT-2025-25577 · Google · ChromeOS
Published: 2025-02-27 · Updated: 2025-06-16 · CVE-2025-6179
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google ChromeOS version 16181.27.0
Description
The issue allows a local attacker to bypass permissions in Extension Management, enabling them to disable extensions and access Developer Mode. This can lead to the loading of additional extensions, potentially exploiting vulnerabilities using tools like ExtHang3r and ExtPrint3r.
Recommendations
For Google ChromeOS version 16181.27.0, consider restricting access to Developer Mode and limiting the ability to disable extensions as a temporary mitigation measure. Additionally, avoid using the ExtHang3r and ExtPrint3r tools until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Improper Privilege Management
Incorrect Default Permissions
Affected Products
ChromeOS