CVE-2025-12436 — Missing Authentication for Critical Function in Google Chrome
Severity
5.9MEDIUMNVD
EPSS
0.0%
top 97.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 10
Latest updateNov 12
Description
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages4 packages
🔴Vulnerability Details
3📋Vendor Advisories
6Palo Alto▶
PAN-SA-2025-0018 Chromium and Prisma Browser: Monthly Vulnerability Update (November 2025)↗2025-11-12