High Published: Nov 06, 2025 Modified: Nov 25, 2025

CVE-2025-11458

8.1 CVSS SCORE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Description

Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability None

Affected Software Configurations

a google chrome * * * * * * * *
o apple macos - * * * * * * *
o linux linux_kernel - * * * * * * *
o microsoft windows - * * * * * * *

Weaknesses (CWE)

CWE-122
CWE-787

References & External Links

https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/443196747

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker