CVE-2025-11207

CVSS 6.5 MEDIUM · EPSS 0.2% · CWE-125 · CWE-1300
In short

A flaw in Google Chrome's storage system allows attackers to read or write data through a specially crafted webpage, potentially exposing sensitive information stored by the browser.

Technical detail

A side-channel vulnerability in Chrome's Storage API (CWE-125: Out-of-bounds Read; CWE-1300: Information Exposure) lets a remote attacker perform arbitrary read/write operations when a user visits a malicious HTML page. Exploitation requires user interaction (visiting the crafted site) but can leak data from browser storage or other sensitive locations.

Summary generated and translated by AI from the official description.
Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected products
Google · Chrome