CVE-2025-34090 - Vulnerability Details

Description

Neither filed by Chrome nor a valid security vulnerability.

Published: 2025-07-02

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

Vendor	Product	Confidence	Versions
Google	Chrome	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-19759	A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due to insufficient validation of COM server paths during inter-process communication. A local low-privileged attacker can hijack the COM class identifier (CLSID) registration used by Chrome's elevation service and point it to a non-existent or malicious binary. When this hijack occurs, Chrome silently falls back to the legacy cookie encryption mechanism (protected only by user-DPAPI), thereby enabling cookie decryption by any user-context malware without SYSTEM-level access. This flaw bypasses the protections intended by the AppBound encryption design and allows cookie theft from Chromium-based browsers. Confirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

No reference.

History

Thu, 24 Jul 2025 17:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-276 CWE-426
References	https://vulncheck.com/advisories/google-chrome-appbound-cookie-encryption https://www.cyberark.com/resources/threat-research-blog/c4-bomb-blowing-up-chromes-appbound-cookie-encryption
Metrics	cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Thu, 24 Jul 2025 02:15:00 +0000

Type	Values Removed	Values Added
Title	Google Chrome AppBound Cookie Encryption Bypass via COM Hijacking
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 24 Jul 2025 02:00:00 +0000

Type	Values Removed	Values Added
Description	A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due to insufficient validation of COM server paths during inter-process communication. A local low-privileged attacker can hijack the COM class identifier (CLSID) registration used by Chrome's elevation service and point it to a non-existent or malicious binary. When this hijack occurs, Chrome silently falls back to the legacy cookie encryption mechanism (protected only by user-DPAPI), thereby enabling cookie decryption by any user-context malware without SYSTEM-level access. This flaw bypasses the protections intended by the AppBound encryption design and allows cookie theft from Chromium-based browsers. Confirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.	Neither filed by Chrome nor a valid security vulnerability.
Metrics	cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`	cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X'}`

Wed, 02 Jul 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 02 Jul 2025 19:30:00 +0000

Type	Values Removed	Values Added
Description		A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due to insufficient validation of COM server paths during inter-process communication. A local low-privileged attacker can hijack the COM class identifier (CLSID) registration used by Chrome's elevation service and point it to a non-existent or malicious binary. When this hijack occurs, Chrome silently falls back to the legacy cookie encryption mechanism (protected only by user-DPAPI), thereby enabling cookie decryption by any user-context malware without SYSTEM-level access. This flaw bypasses the protections intended by the AppBound encryption design and allows cookie theft from Chromium-based browsers. Confirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.
Title		Google Chrome AppBound Cookie Encryption Bypass via COM Hijacking
Weaknesses		CWE-276 CWE-426
References		https://vulncheck.com/advisories/google-chrome-appbound-cookie-encryption https://www.cyberark.com/resources/threat-research-blog/c4-bomb-blowing-up-chromes-appbound-cookie-encryption
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'}`

Subscriptions

Google Chrome

MITRE

Status: REJECTED

Assigner: VulnCheck

Published: 2025-07-02T19:25:13.805Z

Updated: 2025-07-24T01:25:41.316Z

Reserved: 2025-04-15T19:15:22.551Z

Link: CVE-2025-34090

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2025-07-02T20:15:30.110

Modified: 2025-07-24T07:15:52.967

Link: CVE-2025-34090

Redhat

No data.

OpenCVE Enrichment

Updated: 2025-07-06T22:16:24Z

Weaknesses

No weakness.

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object