CVE-2025-5959

Published Jun 11, 2025

Last updated a month ago

Google Chrome V8

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-5959 is a type confusion vulnerability affecting the V8 JavaScript engine in Google Chrome versions prior to 137.0.7151.103. This flaw can be exploited by a remote attacker who crafts a malicious HTML page. The vulnerability was reported by Seunghyun Lee as part of TyphoonPWN 2025. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code within the browser's sandbox. To mitigate this vulnerability, users are advised to update their Chrome browsers to version 137.0.7151.103 or later.

Description: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Source: chrome-cve-admin@google.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Secondary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

chrome-cve-admin@google.com: CWE-843

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0484C380-B2A9-42B9-AA31-6FFDFC32D0A3",
            "versionEndExcluding": "137.0.7151.103"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.