cbcvebase.
CVE-2025-12428
published 2025-11-10

Priority P261 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 6.81% (93.2th percentile)
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Affected

9 ranges
Vendor    Product         Version range                                  Fixed in
chromium  chromium        >= 0 < 142.0.7444.59-1~deb12u1                 142.0.7444.59-1~deb12u1
chromium  chromium        >= 0 < 142.0.7444.59-1~deb13u1                 142.0.7444.59-1~deb13u1
chromium  chromium        >= 0 < 142.0.7444.59-1                         142.0.7444.59-1
debian    chromium        < chromium 142.0.7444.59-1~deb12u1 (bookworm)  chromium 142.0.7444.59-1~deb12u1 (bookworm)
google    chrome          < 142.0.7444.59                                142.0.7444.59
google    chrome          >= 142.0.7444.59 < 142.0.7444.59               142.0.7444.59
google    chrome_chrome
msrc      microsoft_edge
paloalto  prisma_browser

Detection & IOCs (extracted from sources)

  • Vulnerability is triggered via a crafted HTML page delivering a V8 Type Confusion exploit; monitor for suspicious or unexpected JavaScript/HTML content targeting Chrome/Edge browsers below the fixed version.
  • Debian 'bullseye' remains unpatched/open for this CVE; systems running that release are still vulnerable and should be prioritised for upgrade or mitigation.
  • The fixed Chromium version for Debian stable (bookworm) is 142.0.7444.59-1~deb12u1; ensure package versions are at or above this level before marking hosts as remediated.

CVSS provenance

nvd            v3.1  8.8  HIGH  CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv                  8.8  HIGH
vendor_debian        8.8  HIGH
vendor_msrc          8.8  HIGH
vendor_redhat        8.8  HIGH