CVE-2025-8582
BaseFortify
Publication date: 2025-08-07
Last updated on: 2025-11-13
Assigner: Chrome
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| microsoft | windows | * |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
| chrome | to 139.0.7258.66 (exc) | |
| apple | macos | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-NVD-CWE-noinfo | |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves insufficient validation of untrusted input in the Core component of Google Chrome before version 139.0.7258.66. It allows a remote attacker to spoof the contents of the Omnibox (the URL bar) by using a specially crafted HTML page, potentially misleading users about the actual website they are visiting.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to deceive you into believing you are visiting a legitimate website when you are not, potentially leading to phishing attacks or other forms of social engineering that exploit the spoofed URL bar.