CVE-2025-10201
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-10
Last updated on: 2025-09-22
Assigner: Chrome
Description
Description
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| chrome | to 140.0.7339.127 (exc) | |
| android | * | |
| chrome_os | * | |
| linux | linux_kernel | From 5.15.160 (inc) to 5.16 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
| CWE-346 | The product does not properly verify that the source of data or communication is valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is due to an inappropriate implementation in Mojo within Google Chrome on Android, Linux, and ChromeOS versions prior to 140.0.7339.127. It allows a remote attacker to bypass site isolation by using a specially crafted HTML page.
How can this vulnerability impact me? :
The vulnerability can allow a remote attacker to bypass site isolation protections, potentially enabling them to access or interfere with data from other websites or browser contexts, which could lead to unauthorized data exposure or compromise.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70