High Published: Nov 06, 2025 Modified: Nov 25, 2025

CVE-2025-11460

8.8 CVSS SCORE

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)

CVSS Vector Details

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Affected Software Configurations

a google chrome * * * * * * * *
o apple macos - * * * * * * *
o linux linux_kernel - * * * * * * *
o microsoft windows - * * * * * * *

Weaknesses (CWE)

CWE-416

References & External Links

https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop.html
https://issues.chromium.org/issues/446722008

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

← Back to CVE Tracker