CVE-2025-34090
Google Chrome AppBound Cookie Encryption Bypass via COM Hijacking
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Google Chrome AppBound Cookie Encryption Bypass via COM Hijacking
A security bypass vulnerability exists in Google Chrome AppBound cookie encryption mechanism due to insufficient validation of COM server paths during inter-process communication. A local low-privileged attacker can hijack the COM class identifier (CLSID) registration used by Chrome's elevation service and point it to a non-existent or malicious binary. When this hijack occurs, Chrome silently falls back to the legacy cookie encryption mechanism (protected only by user-DPAPI), thereby enabling cookie decryption by any user-context malware without SYSTEM-level access. This flaw bypasses the protections intended by the AppBound encryption design and allows cookie theft from Chromium-based browsers. Confirmed in Google Chrome with AppBound Encryption enabled. Other Chromium-based browsers may be affected if they implement similar COM-based encryption mechanisms.
Reserved 2025-04-15 | Published 2025-07-02 | Updated 2025-07-03 | Assigner VulnCheckCWE-276 Incorrect Default Permissions
Ari Novick of CyberArk Labs
www.cyberark.com/...ng-up-chromes-appbound-cookie-encryption
vulncheck.com/...es/google-chrome-appbound-cookie-encryption
Support options
