PT-2025-30493 · Google+4 · Google Chrome+4
Shaheen Fazim
·
Published
2025-07-09
·
Updated
2025-10-24
·
CVE-2025-8011
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 138.0.7204.168
Microsoft Edge versions prior to 138.0.7204.168
Chromium versions prior to 138.0.7204.168
Chromium in Debian versions prior to 138.0.7204.168-1~deb12u1
Description
A type confusion issue exists in the V8 JavaScript engine component used in Google Chrome, Microsoft Edge, and Chromium browsers. This issue could allow a remote attacker to potentially exploit heap corruption by crafting a malicious HTML page. Exploitation of this issue may lead to denial of service or, potentially, arbitrary code execution. The vulnerability is related to errors in data type conversion within the V8 engine.
Recommendations
Google Chrome versions prior to 138.0.7204.168: Upgrade to version 138.0.7204.168 or later.
Microsoft Edge versions prior to 138.0.7204.168: Upgrade to version 138.0.7204.168 or later.
Chromium versions prior to 138.0.7204.168: Upgrade to version 138.0.7204.168 or later.
Chromium in Debian versions prior to 138.0.7204.168-1deb12u1: Upgrade to version 138.0.7204.168-1deb12u1 or later.
Fix
Type Confusion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Google Chrome
Red Os