CVE-2025-34092

Rejected reason: Neither filed by Chrome nor a valid security vulnerability...

CVE-2025-34092

...

CVE-2025-34092

CVE-2025-34092 describes a cookie encryption bypass in Google Chrome’s AppBound mechanism caused by weak path validation in the elevation service. The vulnerability allows an attacker to impersonate Chrome by naming a binary chrome.exe and placing it on a similar path, enabling retrieval of the e...

CVE-2025-34091 Chrome Cookie Encryption Bypass via Padding Oracle Attack on AppBound Encryption

A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...

PT-2025-27671 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome affected versions not specified Description: A security bypass issue exists in the AppBound cookie encryption mechanism of Google Chrome due to insufficient validation of COM server paths during inter-process communication. This...