Cross-Origin Data Exposure in Google Chrome by Google
CVE-2025-8881

Currently unrated

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 13 August 2025

What is CVE-2025-8881?

A vulnerability in the File Picker feature of Google Chrome prior to version 139.0.7258.127 could allow a remote attacker to exploit specific UI gestures, leading to the leakage of cross-origin data through a specially crafted HTML page. This exposure could facilitate unauthorized access to sensitive information, underscoring the importance of using updated versions of the browser to mitigate such risks.

Affected Version(s)

Chrome 139.0.7258.127

References

https://chromereleases.googleblog.com/2025/08/stable-chan...

https://issues.chromium.org/issues/433800617

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 13, 2025
Vulnerability Reserved
Aug 12, 2025