CVE-2025-11205

CVSS v3.1

8.8

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Chromium versions prior to 141.0.7390.54 Google Chrome versions prior to 141.0.7390.54 Microsoft Edge (Chromium-based) versions prior to 141.0.7390.54

Description A heap buffer overflow exists in the WebGPU component of Google Chrome and Microsoft Edge. This issue could allow a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. The vulnerability, related to the open-source WebGPU standard implementation

dawn

, specifically affects the

ReflectEntryPointUsingTint

function. Successful exploitation may lead to remote code execution. The vulnerability allows attackers to affect the system.

Recommendations Chromium versions prior to 141.0.7390.54: Upgrade to version 141.0.7390.54 or later. Google Chrome versions prior to 141.0.7390.54: Upgrade to version 141.0.7390.54 or later. Microsoft Edge (Chromium-based) versions prior to 141.0.7390.54: Upgrade to version 141.0.7390.54 or later.

Fix

RCE

Heap Based Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-787

Related Identifiers

ALT-PU-2025-13054

BDU:2025-12620

CVE-2025-11205

DSA-6016-1

Affected Products

Alt Linux

Chromium

Debian

Google Chrome

Red Os

Dawn

CVE-2025-11205

Weakness Enumeration

Related Identifiers

Affected Products

References · 80