Google Chrome is vulnerable to Authentication Bypass. The vulnerability exists due to the insufficient policy enforcement in Resource Timing, which allows an attacker to convince user to install a malicious extension to obtain potentially sensitive information from API via a crafted Chrome Extension.