PT-2025-39218 · Openssl+4

Published: 2025-01-01 · Updated: 2026-03-03 · CVE-2025-10891

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 140.0.7339.207
Chromium versions prior to 140.0.7339.207
Chromium versions prior to 140.0.7339.207-1deb12u1 (Debian bookworm)
Chromium versions prior to 140.0.7339.207-1deb13u1 (Debian trixie)
Chromium version 141.0.7390.76-alt0.p11.1

Description

An integer overflow exists in the V8 JavaScript engine component of Google Chrome and Chromium-based browsers. This issue could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page, potentially leading to remote code execution or denial of service. Public proof-of-concept code is available. The vulnerability is due to an integer overflow occurring during the handling of user-hidden fields.

Recommendations

Update Google Chrome to version 140.0.7339.207 or later.
Update Chromium to version 140.0.7339.207 or later.
For Debian bookworm, upgrade Chromium to version 140.0.7339.207-1deb12u1 or later.
For Debian trixie, upgrade Chromium to version 140.0.7339.207-1deb13u1 or later.
Update Chromium to version 141.0.7390.76-alt0.p11.1 or later.

Fix

RCE

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-13054
BDU:2025-12391
CVE-2025-10891
DSA-6010-1
INFESA-2025_0007
OPENSUSE-SU-2025:15578-1
OPENSUSE-SU-2025:20020-1

Affected Products

Alt Linux
Debian
Google Chrome
Openssl
Red Os