CVE-2025-1566
HIGHGoogle ChromeOS Dev Channel <16002.23.0 - Info Disclosure
Title source: llmDescription
DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.
References (2)
Core 2
Core References
Broken Link
https://issues.chromium.org/issues/b/342802975
Issue Tracking, Mailing List
https://issuetracker.google.com/issues/342802975
Scores
CVSS v3
7.5
EPSS
0.0029
EPSS Percentile
52.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-1319
Status
published
Products (1)
google/chrome_os
16002.23.0
Published
Apr 16, 2025
Tracked Since
Feb 18, 2026