← back
CVE-2025-10891

CVE-2025-10891

CVSS 8.8 HIGHEPSS 6.6%CWE-472
In short

A math error in Chrome's JavaScript engine allows attackers to send a specially crafted webpage that could corrupt computer memory and potentially run malicious code.

Technical detail

Integer overflow vulnerability in V8 JavaScript engine permits remote code execution through heap corruption when processing crafted HTML; requires user to visit malicious webpage; impacts Chrome versions prior to 140.0.7339.207.

Summary generated and translated by AI from the official description.
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Google · Chrome

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.htmlhttps://issues.chromium.org/issues/443765373