CVE-2025-6179: ChromeOS 16181.27.0 ExtMgt Perm Bypass
CVE-2025-6179 Published on June 16, 2025
ChromeOS Extension Disablement and Developer Mode Bypass via ExtHang3r and ExtPrint3r Exploits
Permissions Bypass in Extension Management in Google ChromeOS 16181.27.0 on managed Chrome devices allows a local attacker to disable extensions and access Developer Mode, including loading additional extensions via exploiting vulnerabilities using the ExtHang3r and ExtPrint3r tools.
Vulnerability Analysis
CVE-2025-6179 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Incorrect Default Permissions
During installation, installed file permissions are set to allow anyone to modify those files.
Products Associated with CVE-2025-6179
stack.watch emails you whenever new vulnerabilities are published in Google Chrome or Google ChromeOS. Just hit a watch button to start following.
Affected Versions
Google ChromeOS Version 16181.27.0 is affected by CVE-2025-6179Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.