CVE-2025-10891

Published Sep 24, 2025

Last updated 5 months ago

CVSS high 8.8

Overview

Description
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed
Products
chrome

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

chrome-cve-admin@google.com
CWE-472

Social media

Hype score
Not currently trending

  1. ⚠️ Vulnerabilidades en productos Google ❗ CVE-2025-10892 ❗ CVE-2025-10891 ❗ CVE-2025-10890 ➡️ Más info: https://t.co/RHQAELJgIt https://t.co/7Ksuz7uMHi

    @CERTpy

    9 Mar 2026

    156 Impressions

    0 Retweets

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  2. Top 5 Trending CVEs: 1 - CVE-2025-27363 2 - CVE-2026-21509 3 - CVE-2026-25253 4 - CVE-2025-10891 5 - CVE-2025-64328 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    2 Mar 2026

    157 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Here is my CVE-2025-10891 Chromium RCE PoC: https://t.co/jqrevQ9Ca4 https://t.co/NtAfSeQtFj

    @m411k_

    1 Mar 2026

    23052 Impressions

    93 Retweets

    482 Likes

    240 Bookmarks

    6 Replies

    2 Quotes

  4. ⚠️Vulnerabilidades en productos Google Chrome ❗CVE-2025-10890 ❗CVE-2025-10891 ❗CVE-2025-10892 ➡️Más info: https://t.co/yyPyKTfjHK https://t.co/I4ThIO9JKr

    @CERTpy

    30 Sept 2025

    98 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-10891 & CVE-2025-10892 by Google Big Sleep. How are you finding bugs? Google: We use AI Me: I’m fuzzing what the AI missed. You: ? https://t.co/P4mQYbtEfS

    @0xi6r

    26 Sept 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. (CVE-2025-10891)[443765373][ignition]Integer Overflow https://t.co/NIGVYJcRT5 https://t.co/ofvwHiSQrd Reported by Google Big Sleep

    @xvonfers

    25 Sept 2025

    1064 Impressions

    3 Retweets

    15 Likes

    12 Bookmarks

    0 Replies

    0 Quotes

  7. CVE-2025-10891 Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium se… https://t.co/SD456Ao1TY

    @CVEnew

    24 Sept 2025

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)CVE-2026-3545
  2. Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)CVE-2026-3544
  3. Inappropriate implementation in V8 in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)CVE-2026-3543
  4. Inappropriate implementation in WebAssembly in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)CVE-2026-3542
  5. Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)CVE-2026-3541

References

Sources include official advisories and independent security research.