PT-2025-39218 · Openssl+4

Published: 2025-01-01 · Updated: 2026-03-03 · CVE-2025-10891

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 140.0.7339.207
Chromium versions prior to 140.0.7339.207
Chromium versions prior to 140.0.7339.207-1deb12u1 (Debian bookworm)
Chromium versions prior to 140.0.7339.207-1deb13u1 (Debian trixie)
Chromium version 141.0.7390.76-alt0.p11.1

Description

An integer overflow exists in the V8 JavaScript engine component of Google Chrome and Chromium-based browsers. This issue could allow a remote attacker to exploit heap corruption via a crafted HTML page, potentially leading to remote code execution or denial of service. Public proof-of-concept code is available. The vulnerability is due to an integer overflow occurring during the handling of user-hidden fields.

Recommendations

Update Google Chrome to version 140.0.7339.207 or later.
Update Chromium to version 140.0.7339.207 or later.
For Debian bookworm, upgrade Chromium to version 140.0.7339.207-1deb12u1 or later.
For Debian trixie, upgrade Chromium to version 140.0.7339.207-1deb13u1 or later.
Update Chromium to version 141.0.7390.76-alt0.p11.1 or later.

Fix

RCE

Integer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2025-13054
BDU:2025-12391
CVE-2025-10891
DSA-6010-1
INFESA-2025_0007
OPENSUSE-SU-2025:15578-1
OPENSUSE-SU-2025:20020-1

Affected Products

Alt Linux
Debian
Google Chrome
Openssl
Red Os