CVE-2025-8880
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed
Description
Description
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Affected Vendors & Products
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | From 5.5 (inc) to 5.10.238 (inc) |
| apple | macos | From 12.0 (inc) to 12.7.6 (inc) |
| chrome | to 139.0.7258.127 (exc) | |
| microsoft | windows | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
How can this vulnerability impact me? :
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart
Meta Information
CVE Publication Date:
2025-08-13
CVE Last Modified Date:
2025-08-14
Report Generation Date:
2025-11-04
AI Powered Q&A Generation:
2025-08-13
EPSS Last Evaluated Date:
2025-09-10
NVD Report Link: