cvedb.io
CVE-2025-68467
LOW · CVSS 3.4
EPSS exploitation probability: 0%
Published 2026-03-04T22:16:11.860 · Last modified 2026-06-17T09:59:06.643

Summary

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets (stored on websites different from the original web page), Dark Reader requests such files via a background worker, ensuring the request is performed with no credentials and that the content type of the response is a CSS file. Prior to Dark Reader 4.9.117, this style content was assigned to an HTML Style Element in order to parse and loop through style declarations, and also stored in page's Session Storage for performance gains. This could allow a website author to request a style sheet from a locally running web server, for example by havin

Affected products

darkreader — darkreader

Does this affect you?

Add your gear to cvedb and we'll alert you only when darkreader ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.