CVE-2025-11207

EPSS 0.04%
Veröffentlicht 06.11.2025 22:15:38
Zuletzt bearbeitet 13.11.2025 15:30:46
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version < 141.0.7390.54

   Apple ≫ macOS Version-
   Linux ≫ Linux Kernel Version-
   Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.112

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	3.9	2.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-1300 Improper Protection of Physical Side Channels

The device does not contain sufficient protection mechanisms to prevent physical side channels from exposing sensitive information due to patterns in physically observable phenomena such as variations in power consumption, electromagnetic emissions (EME), or acoustic emissions.

https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html

Vendor Advisory

Release Notes

https://issues.chromium.org/issues/428189824

Issue Tracking

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2025-11207

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-11207

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-11207

EUVD