CVE-2025-4052
CRITICALDescription
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| chrome |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2025-4052? +
How severe is CVE-2025-4052? +
What products are affected by CVE-2025-4052? +
How do I check if I'm vulnerable to CVE-2025-4052? +
Related Vulnerabilities
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting (XSS) …
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based …
Proofpoint Enterprise Protection contains a vulnerability in the email delivery agent that allows an unauthenticated attacker to inject improperly encoded …
The site log report required additional encoding of event descriptions to ensure any HTML in the content is displayed in …
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead …
Sandbox escape in the JavaScript Task feature of Google Cloud Application Integration allows an actor to execute arbitrary unsandboxed code …