CVE-2025-3070

Summary

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Affected Software

VendorProductVersion RangeStatus
GoogleChrome135.0.7049.52 < 135.0.7049.52affected

Weaknesses

  • CWE-20: Insufficient validation of untrusted input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References