Home

Description

DNS Leak in Native System VPN in Google ChromeOS Dev Channel on ChromeOS 16002.23.0 allows network observers to expose plaintext DNS queries via failure to properly tunnel DNS traffic during VPN state transitions.

PUBLISHED Reserved 2025-02-21 | Published 2025-04-16 | Updated 2025-05-08 | Assigner ChromeOS

Problem types

Network Security Isolation (NSI)

Product status

16002.23.0 (custom) before 16002.23.0
affected

References

issuetracker.google.com/issues/342802975

issues.chromium.org/issues/b/342802975

cve.org (CVE-2025-1566)

nvd.nist.gov (CVE-2025-1566)

Download JSON