CVE-2025-12910 CVSS:5.1

Google Chrome could allow a local attacker to bypass security restrictions, caused by inappropriate implementation in Passkeys. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain potentially sensitive information.

CVE-2025-12911 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Permissions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform UI spoofing.

CVE-2025-12908 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient validation of untrusted input in Downloads. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to perform domain spoofing.

CVE-2025-12909 CVSS:6.5

Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient policy enforcement in Devtools. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to leak cross-origin data.

CVE-2025-12906 CVSS:5.4

Google Chrome could allow a remote attacker to bypass security restrictions, caused by inappropriate implementation in Permissions. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass security restrictions.