CVE-2025-8010

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 138.0.7204.168 Microsoft Edge versions prior to 138.0.7204.168 Chromium versions prior to 138.0.7204.168 Chromium versions 138.0.7204.168-1~deb12u1

Description A type confusion issue exists in the V8 JavaScript engine component of Google Chrome, Microsoft Edge, and Chromium. This issue could allow a remote attacker to exploit heap corruption by crafting a malicious HTML page. Exploitation may lead to arbitrary code execution or denial of service. The vulnerability is related to errors in data type conversion within the V8 engine.

Recommendations Update Google Chrome to version 138.0.7204.168 or later. Update Microsoft Edge to version 138.0.7204.168 or later. Update Chromium to version 138.0.7204.168 or later. For Debian systems, upgrade chromium packages to version 138.0.7204.168-1~deb12u1 or later. For openSUSE Tumbleweed systems, update the chromedriver package to version 138.0.7204.168-1.1 or later.