Dark Web Informer - Cyber Threat Intelligence

Google Chrome DevTools Flaw (CVE-2025-4052) Enables Critical Access Control Bypass

🚨 Critical Security Vulnerability
🆔 CVE-2025-4052
💣 CVSS Score: 9.8 (Critical)
📅 Published: 2025-05-05


🔹 TL;DR
A critical vulnerability in Google Chrome's DevTools prior to version 136.0.7103.59 allows remote attackers to bypass discretionary access controls via a crafted HTML page, potentially leading to unauthorized access.


🔸 Affected Versions
Google Chrome versions prior to 136.0.7103.59


⚠️ Vulnerability Details
The vulnerability is an inappropriate implementation in DevTools: a remote attacker who convinces a user to perform specific UI gestures on a crafted HTML page can bypass discretionary access control.


🔧 Recommended Action

  • Upgrade to Google Chrome version 136.0.7103.59 or later.
  • Ensure that all systems using affected versions are updated promptly.

👤 Affected Environments

  • Systems running Google Chrome versions prior to 136.0.7103.59.

🧠 TTPs (MITRE Mapping)

  • CWE-838 – Inappropriate Encoding for Output Context
  • CAPEC-468 – Cross-Browser Cross-Domain Theft

🛠 References
🔗 Chromium Issue Tracker
🔗 Debian Security Tracker
🔗 SUSE Security Advisory
🔗 Rapid7 Vulnerability Database
