CVE-2025-0291
published 2025-01-08
CVE-2025-0291: Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page…
Priority: P2 58 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
7.43%
93.7th percentile
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 131.0.6778.264-1~deb12u1 | 131.0.6778.264-1~deb12u1 |
| chromium | chromium | >= 0 < 131.0.6778.264-1 | 131.0.6778.264-1 |
| chromium | chromium | >= 0 < 131.0.6778.264-1 | 131.0.6778.264-1 |
| debian | chromium | < chromium 131.0.6778.264-1~deb12u1 (bookworm) | chromium 131.0.6778.264-1~deb12u1 (bookworm) |
| | chrome | < 131.0.6778.264 | 131.0.6778.264 |
| | chrome | >= 131.0.6778.264 < 131.0.6778.264 | 131.0.6778.264 |
| | chrome_chrome | — | — |
| msrc | microsoft_edge | — | — |
| paloalto | prisma_browser | — | — |
Detection & IOCs
- Exploitation requires a crafted HTML page delivered to the victim; monitor for suspicious or unexpected HTML content triggering V8 JavaScript engine type confusion errors in Chrome/Edge.
- Affected: Google Chrome versions prior to 131.0.6778.264; flag any instances of these versions in the environment as unpatched and at risk.
- Exploitation is sandboxed: arbitrary code execution is confined within the Chrome/Edge renderer sandbox; a sandbox escape would be required for full system compromise.
- Debian Bullseye remains unpatched/open as of the tracked data; environments running Bullseye with Chromium are still exposed.
CVSS provenance
- nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- osv · 8.8 HIGH
- vendor_debian · 8.8 HIGH
- vendor_msrc · 8.8 HIGH
Palo Alto
PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)
vendor_paloalto·2025-02-12·CVSS 8.8
[HIGH] PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop.html
- https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html
- https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html
- https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html
- https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html

CVE Summary
- CVE-2025-0291 Type Confusion in V8
- CVE-2025-0434 Out of bounds memory access in V8
- CVE-2025-0435 Inappropriate implementation in Navigation
- CVE-2025-0436 Integer overflow in Skia
- CVE-2025-0437
Microsoft
Chromium: CVE-2025-0291 Type Confusion in V8
vendor_msrc·2025-01-14·CVSS 8.8
CVE-2025-0291 [HIGH] Chromium: CVE-2025-0291 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
FAQ: What is
Chrome
Stable Channel Update for Desktop: CVE-2025-0291
vendor_chrome·2025-01-07·CVSS 8.8
CVE-2025-0291 [HIGH] Stable Channel Update for Desktop: CVE-2025-0291
Stable Channel Update for Desktop
CVE-2025-0291: Type Confusion in V8. Reported by Popax21 on 2024-12-11. We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel.
Severity: high
Debian
CVE-2025-0291: chromium - Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote a...
vendor_debian·2025·CVSS 8.8
CVE-2025-0291 [HIGH] CVE-2025-0291: chromium - Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote a...
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 131.0.6778.264-1~deb12u1)
bullseye: open
forky: resolved (fixed in 131.0.6778.264-1)
sid: resolved (fixed in 131.0.6778.264-1)
trixie: resolved (fixed in 131.0.6778.264-1)
OSV
CVE-2025-0291: Type Confusion in V8 in Google Chrome prior to 131
osv·2025-01-08·CVSS 8.8
CVE-2025-0291 [HIGH] CVE-2025-0291: Type Confusion in V8 in Google Chrome prior to 131
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
GHSA
GHSA-vh5q-rxqq-3f32: Type Confusion in V8 in Google Chrome prior to 131
ghsa_unreviewed·2025-01-08
CVE-2025-0291 [HIGH] CWE-843 GHSA-vh5q-rxqq-3f32: Type Confusion in V8 in Google Chrome prior to 131
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.