High Published: Nov 06, 2025 Modified: Nov 13, 2025

CVE-2025-11205

8.8 CVSS SCORE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Affected Software Configurations

a google chrome * * * * * * * *
o apple macos - * * * * * * *
o linux linux_kernel - * * * * * * *
o microsoft windows - * * * * * * *

Weaknesses (CWE)

CWE-122
CWE-787

References & External Links

https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html
https://issues.chromium.org/issues/442444724

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker