CVE-2025-12445: 
vulnerability analysis and mitigation

CVE-2025-12445 is a policy bypass vulnerability discovered in Google Chrome's Extensions component. The vulnerability was reported by Thomas Greiner on June 29, 2025, and affects versions prior to 142.0.7444.59. This security flaw allows an attacker who convinces a user to install a malicious extension to leak cross-origin data through a crafted Chrome Extension (Chrome Releases).

The vulnerability has been assigned a CVSS 3.1 base score of 6.5 (Medium), with the following characteristics: Network attack vector, Low attack complexity, No privileges required, No user interaction needed, Unchanged scope, Low confidentiality impact, Low integrity impact, and No availability impact (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) (Ubuntu Security).

The vulnerability enables cross-origin data leakage when a user is convinced to install a malicious Chrome extension. While classified as Low severity by Chromium's security team, the potential for data leakage presents privacy and security concerns for affected users (Chrome Releases).

The vulnerability has been patched in Chrome version 142.0.7444.59 and later. Users are advised to update their Chrome browsers to the latest version. For Prisma Browser users, the fix is available in version 142.15.2.60 (PAN Security).