CVE-2025-23362

6.1 MEDIUM

📋 TL;DR

EXIF Viewer Classic versions 2.3.2 and 2.4.0 contain a cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in users' browsers when they view images with malicious EXIF metadata. This affects users of the Chrome extension who haven't updated to version 3.0.1 or later. The vulnerability could lead to session hijacking, credential theft, or other client-side attacks.

💻 Affected Systems

Products:
  • EXIF Viewer Classic
Versions: 2.3.2 and 2.4.0
Operating Systems: All platforms where Chrome browser runs
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the Chrome extension version, not standalone applications. Users must have the vulnerable extension installed and view images with crafted EXIF metadata.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal user sessions, credentials, or sensitive data from the browser, perform actions as the user, or redirect to malicious sites.

🟠 Likely Case

Attackers could inject malicious scripts that steal cookies or session tokens, potentially compromising user accounts on websites where the extension is active.

🟢 If Mitigated

With proper Content Security Policy headers and modern browser protections, script execution might be blocked, limiting impact to minor UI manipulation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires users to view images with malicious EXIF metadata, which could be delivered via websites, emails, or social media.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.1 and later

Vendor Advisory: https://jvn.jp/en/jp/JVN05508012/

Restart Required: No

Instructions:

  1. Open Chrome browser.
  2. Go to chrome://extensions/.
  3. Find EXIF Viewer Classic.
  4. Click 'Update' or remove and reinstall from Chrome Web Store.
  5. Verify version is 3.0.1 or higher.

🔧 Temporary Workarounds

Disable Extension

all

Temporarily disable the EXIF Viewer Classic extension until patched.

chrome://extensions/ → Toggle OFF for EXIF Viewer Classic

Remove Extension

all

Completely remove the vulnerable extension.

chrome://extensions/ → Click 'Remove' for EXIF Viewer Classic

🧯 If You Can't Patch

  • Disable JavaScript execution for the extension via Content Security Policy if possible.
  • Use browser extensions that block XSS payloads or sanitize EXIF data.

🔍 How to Verify

Check if Vulnerable:

Check extension version in chrome://extensions/. If version is 2.3.2 or 2.4.0, you are vulnerable.

Check Version:

chrome://extensions/ → Find EXIF Viewer Classic → Check version number

Verify Fix Applied:

Confirm extension version is 3.0.1 or higher in chrome://extensions/.
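
To run the same version check across several profiles or machines, the extension manifests in Chrome's on-disk store can be read directly. This is an added example, not code from the vendor or from this page. It assumes the usual `<User Data>/<profile>/Extensions/<id>/<version>/manifest.json` layout and matches the extension by its manifest name, because the page does not give the extension ID. Versions the page does not mention are reported as unknown.

```python
import json
import sys
from pathlib import Path

VULNERABLE = {"2.3.2", "2.4.0"}  # affected versions listed on this page
FIXED = (3, 0, 1)  # first patched version listed on this page
TARGET = "EXIF Viewer Classic"  # assumption: name as written in the manifest

def classify(version):
    """Map a manifest version string to 'vulnerable', 'fixed' or 'unknown'."""
    if version in VULNERABLE:
        return "vulnerable"
    try:
        parts = tuple(int(p) for p in version.split("."))
    except ValueError:
        return "unknown"
    return "fixed" if parts >= FIXED else "unknown"

def display_name(ext_dir, manifest):
    """Return the extension name, resolving a __MSG_key__ locale reference."""
    name = str(manifest.get("name", ""))
    if not (name.startswith("__MSG_") and name.endswith("__")):
        return name
    path = ext_dir / "_locales" / manifest.get("default_locale", "en") / "messages.json"
    try:
        msgs = json.loads(path.read_text(encoding="utf-8-sig"))
    except (OSError, ValueError):
        return name
    wanted = name[6:-2].lower()  # message keys are case-insensitive
    hits = [v.get("message", name) for k, v in msgs.items() if k.lower() == wanted]
    return hits[0] if hits else name

def scan(user_data_dir, target=TARGET):
    """Return sorted (profile, version, status) for each installed copy of target."""
    findings = []
    for mf in Path(user_data_dir).glob("*/Extensions/*/*/manifest.json"):
        try:
            manifest = json.loads(mf.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip rather than guess
        if display_name(mf.parent, manifest) != target:
            continue
        version = str(manifest.get("version", ""))
        findings.append((mf.parts[-5], version, classify(version)))
    return sorted(findings)

if __name__ == "__main__" and len(sys.argv) > 1:
    for row in scan(sys.argv[1]):  # argument: Chrome "User Data" directory
        print(*row, sep="\t")
```

Any row marked vulnerable should be updated, disabled or removed as described under Fix & Mitigation.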

📡 Detection & Monitoring

Log Indicators:

  • Unusual JavaScript execution in browser console related to EXIF parsing
  • Errors from EXIF Viewer Classic extension

Network Indicators:

  • Requests to unexpected domains after viewing images
  • Suspicious data exfiltration patterns

SIEM Query:

Not applicable for client-side browser extension vulnerability
