Cross-Origin Data Leakage in Google Chrome's V8 Engine
CVE-2025-10890

9.1CRITICAL

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 24 September 2025

What is CVE-2025-10890?

A vulnerability in the V8 JavaScript engine of Google Chrome prior to version 140.0.7339.207 allows remote attackers to exploit side-channel information leakage. By crafting a malicious HTML page, an attacker can potentially leak sensitive cross-origin data from the browser. This vulnerability underscores the importance of securing web applications and regularly updating browsers to prevent exploitation.

Affected Version(s)

Chrome 140.0.7339.207

References

https://chromereleases.googleblog.com/2025/09/stable-chan...

https://issues.chromium.org/issues/430336833

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 24, 2025
Vulnerability Reserved
Sep 23, 2025

JSON