CVE Vulnerabilities

CVE-2025-6556

Authentication Bypass Using an Alternate Path or Channel

Published: Jun 24, 2025 | Modified: Jul 02, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Weakness

A product requires authentication, but the product has an alternate path or channel that does not require authentication.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 138.0.7204.49 (excluding)
Chromium-browser Ubuntu upstream *

Potential Mitigations

References