PT-2025-27673 · Google · Google Chrome
Ari Novick
·
Published
2025-07-02
·
Updated
2025-07-02
·
CVE-2025-34092
CVSS v4.0
9.3
Critical
| Vector | AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
Google Chrome (affected versions not specified)
Description:
A cookie encryption bypass issue exists due to weak path validation logic within the elevation service of Google Chrome's AppBound mechanism. This allows an attacker to impersonate Chrome by naming their binary similarly and placing it in a similar path, thus retrieving the encrypted cookie key. This enables malicious processes to access cookies intended to be restricted to the Chrome process only.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authentication
Authentication Bypass by Spoofing
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Google Chrome