CVE-2025-10502

Name of the Vulnerable Software and Affected Versions Chromium versions prior to 140.0.7339.185 Microsoft Edge (Chromium-based) versions prior to 140.0.7339.185

Description A heap buffer overflow exists in the ANGLE component of Google Chrome and Microsoft Edge. This issue could allow a remote attacker to potentially execute arbitrary code or cause heap corruption through specially crafted network traffic. The ANGLE component is responsible for translating graphics APIs. The vulnerability is related to a heap-based buffer overflow in the TIntermBinary::promote() function, specifically involving nested structures with sampler fields. An exploit for this issue is reportedly in the wild.

Recommendations Chromium versions prior to 140.0.7339.185 should be upgraded. Microsoft Edge (Chromium-based) versions prior to 140.0.7339.185 should be upgraded. Chromium versions prior to 141.0.7390.76-alt0.p11.1 should be upgraded.