CVE-2025-13640
LOWDescription
Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| chrome | |
| linux | linux_kernel |
| microsoft | windows |
| chrome | |
| apple | macos |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-13640? +
How severe is CVE-2025-13640? +
What products are affected by CVE-2025-13640? +
How do I check if I'm vulnerable to CVE-2025-13640? +
Related Vulnerabilities
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead …
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code …
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of …
Google Nest WiFi Pro root code-execution & user-data compromise
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default …
Due to length check, an attacker with privilege access on a Linux Nonsecure operating system can trigger a vulnerability and …