CVE-2025-11205

CVSS v3.1

8.8

High

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Chromium versions prior to 141.0.7390.54 Google Chrome versions prior to 141.0.7390.54 Microsoft Edge (Chromium-based) versions prior to 141.0.7390.54

Description A heap buffer overflow exists in the WebGPU component of Google Chrome and Microsoft Edge. This issue could allow a remote attacker who has compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. The vulnerability, related to the open-source WebGPU standard implementation dawn, specifically affects the ReflectEntryPointUsingTint function. Successful exploitation may lead to remote code execution. The vulnerability allows attackers to affect the system.

Recommendations Chromium versions prior to 141.0.7390.54: Upgrade to version 141.0.7390.54 or later. Google Chrome versions prior to 141.0.7390.54: Upgrade to version 141.0.7390.54 or later. Microsoft Edge (Chromium-based) versions prior to 141.0.7390.54: Upgrade to version 141.0.7390.54 or later.

Fix

RCE

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALT-PU-2025-13054

BDU:2025-12620

CVE-2025-11205

DSA-6016-1

OPENSUSE-SU-2025:15601-1

OPENSUSE-SU-2025:20020-1

Affected Products

Alt Linux

Chromium

Debian

Google Chrome

Red Os

Dawn

CVE-2025-11205

Weakness Enumeration

Related Identifiers

Affected Products

References · 52