Cross-Origin Data Exposure in Google Chrome by Google
CVE-2025-8881

6.5MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-8881?

A vulnerability in the File Picker feature of Google Chrome prior to version 139.0.7258.127 could allow a remote attacker to exploit specific UI gestures, leading to the leakage of cross-origin data through a specially crafted HTML page. This exposure could facilitate unauthorized access to sensitive information, underscoring the importance of using updated versions of the browser to mitigate such risks.

Affected Version(s)

Chrome 139.0.7258.127

References

https://chromereleases.googleblog.com/2025/08/stable-chan...

https://issues.chromium.org/issues/433800617

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Aug 12, 2025