Bug 2375968 (CVE-2025-34092) - CVE-2025-34092 chromium: Chrome Cookie Key Exposure
Summary: CVE-2025-34092 chromium: Chrome Cookie Key Exposure
Keywords:
Status: NEW
Alias: CVE-2025-34092
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2376008 2376010
Blocks:
Reported: 2025-07-02 20:01 UTC by OSIDB Bzimport
Modified: 2025-11-03 06:05 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description OSIDB Bzimport 2025-07-02 20:01:29 UTC
A cookie encryption bypass vulnerability exists in Google Chrome’s AppBound mechanism due to weak path validation logic within the elevation service. When Chrome encrypts a cookie key, it records its own executable path as validation metadata. Later, when decrypting, the elevation service compares the requesting process’s path to this stored path. However, due to path canonicalization inconsistencies, an attacker can impersonate Chrome (e.g., by naming their binary chrome.exe and placing it in a similar path) and successfully retrieve the encrypted cookie key. This allows malicious processes to retrieve cookies intended to be restricted to the Chrome process only.

Confirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.

