CVE-2025-0441 — Sensitive Information Exposure in Google Chrome

CWE-200 — Sensitive Information Exposure CWE-79 — Cross-site Scripting8 documents8 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 77.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedJan 15

Latest updateFeb 12

Description

Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5google/chrome132.0.6834.83 — 132.0.6834.83

▶NVDgoogle/chrome< 132.0.6834.83

▶Debianchromium/chromium< 132.0.6834.83-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

CVEList

CVE-2025-0441: Inappropriate implementation in Fenced Frames in Google Chrome prior to 132↗2025-01-15

▶

GHSA

GHSA-r498-8rcj-p67x: Inappropriate implementation in Fenced Frames in Google Chrome prior to 132↗2025-01-15

▶

OSV

CVE-2025-0441: Inappropriate implementation in Fenced Frames in Google Chrome prior to 132↗2025-01-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)↗2025-02-12

▶

Microsoft

Chromium: CVE-2025-0441 Inappropriate implementation in Fenced Frames↗2025-01-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2025-0440↗2025-01-14

▶

Debian

CVE-2025-0441: chromium - Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.68...↗2025

▶