PT-2025-37011 · Google+3 · Google Chrome+3

Anon +1 · Published 2025-01-01 · Updated 2025-12-03 · CVE-2025-10201

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Chromium versions prior to 140.0.7339.127
Chromium versions 140.0.7339.127-1deb12u1 through 140.0.7339.127-1deb13u1
Chromium version 141.0.7390.76-alt0.p11.1

Description

The issue involves an inappropriate implementation within the Mojo IPC library used by Google Chrome and Microsoft Edge browsers. This flaw in access control could allow a remote attacker to bypass security restrictions. Exploitation may involve crafted HTML pages to bypass site isolation. The vulnerability affects systems running Google Chrome on Android, Linux, and ChromeOS. The Mojo library's ChannelPosix component incorrectly handles a large number of file descriptors in a message, potentially leading to file descriptor confusion.

Recommendations

Chromium versions prior to 140.0.7339.127: Upgrade to version 140.0.7339.127 or later.
Chromium versions 140.0.7339.127-1deb12u1 through 140.0.7339.127-1deb13u1: Upgrade to a version later than 140.0.7339.127-1~deb13u1.
Chromium version 141.0.7390.76-alt0.p11.1: No further action is required.

Fix

Weakness Enumeration

Improper Access Control
Origin Validation Error

Related Identifiers

ALT-PU-2025-13054
BDU:2025-11245
CVE-2025-10201
DSA-5996-1
OPENSUSE-SU-2025:15548-1

Affected Products

Alt Linux
Debian
Google Chrome
Red Os