Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-6179

Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.

Published

2025-06-16T17:15:32.053

Last Modified

2025-07-02T18:23:31.617

Status

Analyzed

Source

7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	google	chrome_os	16181.27.0	Yes

References

https://issues.chromium.org/issues/b/399652193 Broken Link (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)
https://issuetracker.google.com/issues/399652193 Exploit, Issue Tracking (7f6e188d-c52a-4a19-8674-3c3fa7d1fc7f)