INFCESA-2025:0007: chromium security update (Important)
Information about definition
Identificator: INFCESA-2025:0007
Type: security
Release date: 2025-10-17 10:30:56 UTC
Information about package
Chromium is an open-source web browser, powered by WebKit (Blink)
Vulnerabilities description
- CVE-2025-10890
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-10891
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-10892
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity level
| CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0 |
|---|---|---|---|
|
NIST — CVE-2025-10890
|
no information | 9.1 | no information |
|
NIST — CVE-2025-10891
|
no information | 8.8 | no information |
|
NIST — CVE-2025-10892
|
no information | 8.8 | no information |
Updated packages
Preparing to download...