Out of Bounds Read Vulnerability in Google Chrome
CVE-2025-12443

4.3 MEDIUM

Key Information:

Vendor: Google

Status
Vendor
CVE Published: 10 November 2025

What is CVE-2025-12443?

CVE-2025-12443 is a vulnerability in the WebXR component of Google Chrome. The flaw is an out-of-bounds read: a remote attacker can use a crafted HTML page to read memory locations outside the intended bounds of an allocation. This can expose sensitive information held in memory and allow attackers to disclose data, with consequences for both individual users and organizations that rely on Chrome for their web interactions. The CVSS 3.1 vector listed on this page rates the attack vector as Network, user interaction as Required, confidentiality impact as Low and integrity impact as None.

As Google Chrome is deeply integrated into various organizational processes—from accessing web applications to conducting sensitive transactions—the exploitation of this vulnerability could lead to potential breaches of confidentiality and integrity. Users may unknowingly expose critical data while using affected versions of the browser, making it essential for organizations to remain vigilant and consistently update their software to mitigate associated risks.

Potential Impact of CVE-2025-12443

  1. Data Leakage: The out-of-bounds read vulnerability can expose sensitive information stored in memory, which could include personal data, authentication tokens, or proprietary information. This breach of confidentiality may result in unauthorized access to systems and data compromises.

  2. Increased Attack Surface: Organizations utilizing affected versions of Chrome may become targets for further attacks, as potential attackers exploit the vulnerability to gain footholds in networks. The accessibility of crafted malicious pages increases the likelihood of successful exploitation.

  3. Reputation Damage: If exploited, this vulnerability can lead to significant reputational harm for organizations, particularly if customer data is leaked or if the organization is seen as incapable of safeguarding its systems. This damage can result in a loss of customer trust and potential financial repercussions due to regulatory penalties or loss of business.

Affected Version(s)

Chrome 142.0.7444.59

News Articles

APTs go after the React2Shell vulnerability within hours

In other news: CISA Director nomination stalls again; NSA cuts 2,000 staff; Intellexa still active despite sanctions.

2 weeks ago

WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now

A serious security vulnerability in the underlying technology for most of the world’s web was recently discovered in the underlying code for most of the world’s web browsers, putting over 4 billion devices at...

2 weeks ago

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • First article discovered by Hackread

  • Vulnerability published

  • Vulnerability Reserved