CVE-2025-11460

Published Nov 6, 2025

Last updated 3 months ago

CVSS high 8.8

Overview

Description
Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed
Products
chrome

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

chrome-cve-admin@google.com
CWE-416

Social media

Hype score
Not currently trending

  1. Day 1 of the Chromium debug build on the new Garuda R&D rig — 17% in and deep in the Mojo/Blink layers 🔥 Phase 2 going smooth, ~20 GB RAM so far with plenty of headroom. Next up: finish build → CodeQL db → first CVE-2025-11460 repro. #ChromeVRP #BrowserSecurity htt

    @DocTryphon

    21 Feb 2026

    69 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  2. 🐞Bug Spotlight: CVE-2025-11460 – Use-after-Free in Chrome Mojo IndexedDB Connection [bounty $100000] Logic issue in async destruction of an indexeddb database, leading to dangling pointer to database connection object, reusable with user-controlled memory corruption. Attac

    @zerodaytraining

    22 Jan 2026

    5627 Impressions

    4 Retweets

    86 Likes

    47 Bookmarks

    1 Reply

    0 Quotes

  3. CVE-2025-11460 Use-After-Free Vulnerability in Google Chrome Storage Enables Remote Code Execution https://t.co/zOAFttArUP

    @VulmonFeeds

    7 Nov 2025

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-11460 Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security sev… https://t.co/ZoTmedpibK

    @CVEnew

    6 Nov 2025

    226 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Chromium: CVE-2025-11460 Use after free in Storage https://t.co/qpgF3pe3Dt #cybersecurity #SecQube

    @SecQube

    10 Oct 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. (CVE-2025-11460)[IDB]UAF in Storage https://t.co/FSy90OSbZn https://t.co/Nhb0Bj6fCP https://t.co/zwqOxOmTrS Reported by Sombra https://t.co/hruSgF1QwZ

    @xvonfers

    8 Oct 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations

Related CVEs

  1. Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)CVE-2026-3063
  2. Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)CVE-2026-3062
  3. Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)CVE-2026-3061
  4. Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)CVE-2026-2650
  5. Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)CVE-2026-2649

References

Sources include official advisories and independent security research.