CVE-2025-10891
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-24

Last updated on: 2025-09-25

Assigner: Chrome

Description
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-24
Last Modified
2025-09-25
Generated
2026-05-07
AI Q&A
2025-09-24
EPSS Evaluated
2026-05-05
NVD
CVE-2025-10891
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 5.15.160 (inc) to 5.16 (inc)
google chrome to 140.0.7339.207 (exc)
apple macos *
microsoft windows *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-472 The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an integer overflow in the V8 JavaScript engine used in Google Chrome versions prior to 140.0.7339.207. It allows a remote attacker to potentially cause heap corruption by crafting a malicious HTML page, which can lead to exploitation of the browser.


How can this vulnerability impact me? :

If exploited, this vulnerability can lead to severe impacts including unauthorized code execution, data corruption, or denial of service on the affected system. Since it can be triggered remotely via a crafted web page, users may be at risk simply by visiting a malicious website.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart