1
CRITICAL
0
HIGH
0
MEDIUM
0
LOW
0
POC
0
KEV
Monthly
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Authentication Bypass
Chrome
Suse
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-4052
EPSS 0%
CVSS 9.8
CRITICAL
PATCH
Act Now
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Authentication Bypass
Chrome
+1
NVD