CVE-2025-12436
📋 TL;DR
A policy bypass vulnerability in Google Chrome extensions allows malicious extensions to access sensitive information from browser process memory. This affects Chrome users who install untrusted extensions, potentially exposing data like passwords, cookies, or session tokens.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of browser session data including saved credentials, authentication tokens, and sensitive information from visited websites.
Likely Case
Information disclosure of limited browser memory contents, potentially exposing some user data or session information.
If Mitigated
No impact if users only install extensions from trusted sources and Chrome is fully updated.
🎯 Exploit Status
Requires social engineering to convince a user to install a malicious extension; no public exploit code available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 142.0.7444.59 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html
Restart Required: Yes
Instructions:
Open Chrome
Click three-dot menu → Help → About Google Chrome
Allow Chrome to check for and install updates
Click 'Relaunch' when prompted
🔧 Temporary Workarounds
Disable extension installation
Prevent users from installing extensions via Group Policy or enterprise controls
Restrict extension sources
Configure Chrome to only allow extensions from the Chrome Web Store
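Both workarounds above can be expressed with Chrome's enterprise extension policies. The script below is an added example (not from the advisory or from Google): it builds a policy that blocks every extension (`ExtensionInstallBlocklist` set to `"*"`) and re-enables only an approved allowlist (`ExtensionInstallAllowlist`), which covers "disable extension installation" (empty allowlist) and "restrict extension sources" (allowlist of vetted Web Store IDs) alike. The policy names are real Chrome policies; the Linux managed-policy directory, the JSON file name and the sample extension IDs are assumptions or constructed values, and Windows and macOS deployments would push the same keys through the registry or a configuration profile instead.

```python
import json
import os
import re

# Linux location Chrome reads managed policy from (assumption: Linux host).
MANAGED_POLICY_DIR = "/etc/opt/chrome/policies/managed"

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXTENSION_ID_RE = re.compile(r"^[a-p]{32}$")

# Constructed sample ID for illustration; not a real extension.
SAMPLE_APPROVED_ID = "abcdefghijklmnopabcdefghijklmnop"


def build_extension_policy(approved_ids):
    """Return a Chrome policy dict that blocks all extensions except approved_ids.

    An empty approved list disables extension installation entirely
    (workaround 1); a non-empty list restricts installs to vetted IDs
    (workaround 2). Invalid IDs are rejected so a typo cannot silently
    allow nothing (or the wrong thing)."""
    approved = sorted(set(approved_ids))
    for ext_id in approved:
        if not EXTENSION_ID_RE.match(ext_id):
            raise ValueError(f"not a valid Chrome extension id: {ext_id!r}")
    return {
        "ExtensionInstallBlocklist": ["*"],      # deny everything by default
        "ExtensionInstallAllowlist": approved,   # explicit exceptions
    }


def is_extension_allowed(policy, ext_id):
    """Evaluate the policy the way Chrome documents it: an allowlist entry
    takes precedence over the blocklist; otherwise an explicit blocklist
    entry or the "*" wildcard denies the install."""
    allow = set(policy.get("ExtensionInstallAllowlist", []))
    block = set(policy.get("ExtensionInstallBlocklist", []))
    if ext_id in allow:
        return True
    return ext_id not in block and "*" not in block


def write_policy(policy, directory=MANAGED_POLICY_DIR, name="extensions.json"):
    """Write the policy as a managed-policy JSON file and return its path.
    Requires write access to the directory (normally root)."""
    os.makedirs(directory, exist_ok=True)
    path = os.path.join(directory, name)
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(policy, fh, indent=2)
    return path


if __name__ == "__main__":
    # Print the policy instead of writing it, so the example runs unprivileged.
    policy = build_extension_policy([SAMPLE_APPROVED_ID])
    print(json.dumps(policy, indent=2))
    print("approved id allowed:", is_extension_allowed(policy, SAMPLE_APPROVED_ID))
    print("other id allowed:", is_extension_allowed(policy, "p" * 32))
```

After the file is in place, `chrome://policy` on the managed machine shows both keys; extensions already installed but absent from the allowlist are disabled on the next policy refresh.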
🧯 If You Can't Patch
- Only install extensions from trusted sources and Chrome Web Store
- Regularly audit installed extensions and remove unnecessary ones
🔍 How to Verify
Check if Vulnerable:
Check Chrome version in Settings → About Chrome; if the version is below 142.0.7444.59, the system is vulnerable
Check Version:
chrome://version/ or 'google-chrome --version' on the command line
Verify Fix Applied:
Confirm Chrome version is 142.0.7444.59 or higher in About Chrome page
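The version comparison above is easy to get wrong when done as a string comparison (for example "142.0.7445.0" sorts before "142.0.7444.59" lexically). The script below is an added example, not part of the advisory: it parses the output of `google-chrome --version` into numeric components and compares them component by component against the patched build 142.0.7444.59. The binary names it probes on PATH are assumptions for common Linux and macOS installs.

```python
import re
import shutil
import subprocess

# Patched build from the vendor advisory, as a tuple for numeric comparison.
PATCHED_VERSION = (142, 0, 7444, 59)


def parse_chrome_version(text):
    """Extract a four-part Chrome version from strings such as
    'Google Chrome 142.0.7444.59' or a bare '142.0.7444.59'.
    Returns a tuple of ints, or None if no version is present."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)\.(\d+)", text)
    if not match:
        return None
    return tuple(int(part) for part in match.groups())


def is_vulnerable(text):
    """True when the parsed version is older than the patched build.
    Tuple comparison checks each numeric component in order, so
    142.0.7445.0 is correctly treated as newer than 142.0.7444.59."""
    version = parse_chrome_version(text)
    if version is None:
        raise ValueError(f"no Chrome version found in: {text!r}")
    return version < PATCHED_VERSION


def installed_chrome_version():
    """Run the browser binary with --version (the command the advisory names)
    and return its output, or None if no Chrome binary is on PATH.
    Binary names are assumptions for typical Linux/macOS installs."""
    for binary in ("google-chrome", "google-chrome-stable"):
        path = shutil.which(binary)
        if path:
            result = subprocess.run([path, "--version"], capture_output=True,
                                    text=True, timeout=15)
            return result.stdout.strip()
    return None


if __name__ == "__main__":
    output = installed_chrome_version()
    if output is None:
        print("No Google Chrome binary found on PATH")
    else:
        status = "VULNERABLE (update required)" if is_vulnerable(output) else "patched"
        print(f"{output}: {status}")
```

Because the fix version is specific to Google Chrome, the check applies to Chrome builds only; other Chromium-based browsers carry their own version lines and need their vendor's patched build number.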
📡 Detection & Monitoring
Log Indicators:
- Unusual extension installation events
- Extension permission changes
- Chrome crash reports with memory access errors
Network Indicators:
- Extensions making unexpected network requests
- Data exfiltration to unknown domains
SIEM Query:
source="chrome_extension_logs" AND (event="install" OR event="permission_change") AND extension_id NOT IN approved_list
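The SIEM query above reduces to three filters: the source is extension telemetry, the event is an install or permission change, and the extension ID is outside an approved list. The script below is an added example, not from the advisory or any SIEM vendor, that applies the same logic in Python over a handful of constructed JSON log lines (the field names mirror the query; the extension IDs and user names are made up). It shows which records the query would surface and, as a deliberate design choice, also flags records that carry no extension ID at all, since those cannot be proven approved.

```python
import json

# Constructed sample events shaped like the SIEM query's fields; not real telemetry.
SAMPLE_LOGS = [
    '{"source": "chrome_extension_logs", "event": "install", "extension_id": "abcdefghijklmnopabcdefghijklmnop", "user": "alice"}',
    '{"source": "chrome_extension_logs", "event": "install", "extension_id": "pppppppppppppppppppppppppppppppp", "user": "bob"}',
    '{"source": "chrome_extension_logs", "event": "permission_change", "extension_id": "abcdefghijklmnopabcdefghijklmnop", "user": "alice"}',
    '{"source": "chrome_extension_logs", "event": "permission_change", "extension_id": "pppppppppppppppppppppppppppppppp", "user": "bob"}',
    '{"source": "chrome_extension_logs", "event": "uninstall", "extension_id": "pppppppppppppppppppppppppppppppp", "user": "bob"}',
    '{"source": "sysmon", "event": "install", "extension_id": "pppppppppppppppppppppppppppppppp", "user": "bob"}',
    'this line is not JSON and must be skipped, not crash the detector',
]

# Constructed approved list; in practice this comes from the enterprise allowlist.
APPROVED_LIST = {"abcdefghijklmnopabcdefghijklmnop"}
WATCHED_SOURCE = "chrome_extension_logs"
WATCHED_EVENTS = {"install", "permission_change"}


def parse_event(line):
    """Parse one JSON log line into a dict; return None for malformed lines
    so a single bad record does not abort the whole sweep."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    return event if isinstance(event, dict) else None


def find_unapproved_extension_events(lines, approved=APPROVED_LIST):
    """Return the events the SIEM query would match:
    source == chrome_extension_logs AND event in {install, permission_change}
    AND extension_id NOT IN approved. A missing extension_id is treated as
    unapproved because it cannot be matched against the allowlist."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        if event.get("source") != WATCHED_SOURCE:
            continue
        if event.get("event") not in WATCHED_EVENTS:
            continue
        if event.get("extension_id") in approved:
            continue
        hits.append(event)
    return hits


def summarize_by_user(hits):
    """Count flagged events per user, a convenient triage view for the SOC."""
    counts = {}
    for event in hits:
        user = event.get("user", "<unknown>")
        counts[user] = counts.get(user, 0) + 1
    return counts


if __name__ == "__main__":
    flagged = find_unapproved_extension_events(SAMPLE_LOGS)
    for event in flagged:
        print(f"{event['user']}: {event['event']} of unapproved extension {event['extension_id']}")
    print("per-user counts:", summarize_by_user(flagged))
```

Running it flags bob's install and permission change of the unapproved extension and ignores alice's approved extension, the uninstall event, the record from a different source, and the malformed line.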