PT-2025-1005 · Google+6 · Google Chrome+7

Popax21

Published

2025-01-07

Updated

2026-02-16

CVE-2025-0291

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Chromium versions prior to 131.0.6778.264 Chromium-GOST versions prior to 134.0.6998.88-alt1 Yandex-Browser-Stable versions 24.12.4.1097-alt1 and 25.2.4.1000-alt1

Description A type confusion issue exists in the V8 JavaScript engine used in Google Chrome and Microsoft Edge. This flaw could allow a remote attacker to execute arbitrary code within a sandbox by crafting a malicious HTML page. The vulnerability is related to errors in how data types are handled. A proof-of-concept exploit is publicly available.

Recommendations Chromium versions prior to 131.0.6778.264: Upgrade to version 131.0.6778.264 or later. Chromium-GOST versions prior to 134.0.6998.88-alt1: Upgrade to version 134.0.6998.88-alt1 or later. Yandex-Browser-Stable versions prior to 24.12.4.1097-alt1 and 25.2.4.1000-alt1: Upgrade to version 24.12.4.1097-alt1 or 25.2.4.1000-alt1 or later.

Fix

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALT-PU-2025-1607

ALT-PU-2025-2945

ALT-PU-2025-4366

ALT-PU-2025-7539

ALT-PU-2025-8547

BDU:2025-00111

CVE-2025-0291

DSA-5840-1

OPENSUSE-SU-2025:14629-1

Affected Products

Alt Linux

Astra Linux

Brave

Debian

Google Chrome

Edge

Red Os

V8 Engine

PT-2025-1005 · Google+6 · Google Chrome+7

CVE-2025-0291

Weakness Enumeration

Related Identifiers

Affected Products

References · 44