Severity
Medium
Analysis Summary
CVE-2025-12910 CVSS:5.1
Google Chrome could allow a local attacker to bypass security restrictions, caused by inappropriate implementation in Passkeys. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain potentially sensitive information.
CVE-2025-12911 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Permissions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform UI spoofing.
CVE-2025-12908 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform domain spoofing.
CVE-2025-12909 CVSS:6.5
Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Devtools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to leak cross-origin data.
CVE-2025-12906 CVSS:5.4
Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Permissions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.
Impact
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-12910
CVE-2025-12911
CVE-2025-12908
CVE-2025-12909
CVE-2025-12906
Affected Vendors
Affected Products
- Google Chrome 140.0
Remediation
Upgrade to the latest version of Google Chrome, available from the Google Chrome Releases Website.