CVE-2025-5959
Published 2025-06-11
CVE-2025-5959: Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page…
Priority: P2 · 60 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 10.17% (95.1th percentile)
Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chromium | chromium | >= 0 < 137.0.7151.103-1~deb12u1 | 137.0.7151.103-1~deb12u1 |
| chromium | chromium | >= 0 < 137.0.7151.103-1 | 137.0.7151.103-1 |
| chromium | chromium | >= 0 < 137.0.7151.103-1 | 137.0.7151.103-1 |
| debian | chromium | < chromium 137.0.7151.103-1~deb12u1 (bookworm) | chromium 137.0.7151.103-1~deb12u1 (bookworm) |
| chrome | | < 137.0.7151.103 | 137.0.7151.103 |
| chrome | | >= 137.0.7151.103 < 137.0.7151.103 | 137.0.7151.103 |
| chrome_chrome | | — | — |
| msrc | microsoft_edge | — | — |
| paloalto | prisma_browser | — | — |
Detection & IOCs (extracted from sources)
- CVE-2025-5959 is a Type Confusion vulnerability in the V8 JavaScript/WebAssembly engine; exploitation is triggered via a crafted HTML page delivered remotely, enabling RCE inside the Chrome sandbox. Monitor for suspicious headless Chromium browser activity spawned by Grafana Image Renderer or Synthetic Monitoring Agent processes.
- The vulnerability was demonstrated as exploitable in Grafana Image Renderer (versions prior to 3.12.9) and Grafana Synthetic Monitoring Agent (versions before 0.38.3), both of which embed a headless Chromium browser. Alert on these specific component versions processing untrusted HTML content.
- The vulnerability was reported as part of TyphoonPWN 2025 by Seunghyun Lee, indicating a known public proof-of-concept context exists. Prioritize detection of V8 type confusion exploitation patterns in Chrome/Chromium 137 prior to version 137.0.7151.103.
- Grafana Cloud and Azure Managed Grafana instances have already been patched server-side; only self-hosted deployments of Grafana Image Renderer and Synthetic Monitoring Agent require manual action.
- Debian Bullseye (oldoldstable) remains unpatched/open for this CVE as of the time of reporting; environments running Chromium on Bullseye should be treated as vulnerable.
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 8.8 HIGH
vendor_debian · 8.8 HIGH
vendor_msrc · 8.8 HIGH
Palo Alto
PAN-SA-2025-0013 Chromium: Monthly Vulnerability Update (July 2025)
vendor_paloalto·2025-07-09·CVSS 8.8
CVE-2025-5958 [HIGH] PAN-SA-2025-0013 Chromium: Monthly Vulnerability Update (July 2025)
Palo Alto Networks incorporated the following Chromium security fixes into our products:
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_17.html

CVE Summary
- CVE-2025-5958: Use after free in Media
- CVE-2025-5959: Type Confusion in V8
- CVE-2025-6191: Integer overflow in V8
- CVE-2025-6192: Use after free in Metrics
- CVE-2025-6554: Type confusion in V8
- CVE-2025-6555: Use after free in Animation
- CVE-2025-6556: Insufficient policy enforcement in Loader
- CVE-2025-6557: Insufficient data validation in DevTools
CVEs: CVE-2025-5958, CVE-20
Microsoft
Chromium: CVE-2025-5959 Type Confusion in V8
vendor_msrc·2025-06-10·CVSS 8.8
CVE-2025-5959 [HIGH] Chromium: CVE-2025-5959 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
FAQ: What is
Chrome
Stable Channel Update for Desktop: CVE-2025-5958
vendor_chrome·2025-06-10·CVSS 8.8
CVE-2025-5958 [HIGH] Stable Channel Update for Desktop: CVE-2025-5958
Stable Channel Update for Desktop
CVE-2025-5958: Use after free in Media. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-05-25
[NA][422313191] High CVE-2025-5959: Type Confusion in V8. Reported by Seunghyun Lee as part of TyphoonPWN 2025 on 2025-06-04
We would also like to thank all security researchers that worked with us during the development cycle to prevent security bugs from ever reaching the stable channel
Severity: high
Debian
CVE-2025-5959: chromium - Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote a...
vendor_debian·2025·CVSS 8.8
CVE-2025-5959 [HIGH] CVE-2025-5959: chromium - Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote a...
Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 137.0.7151.103-1~deb12u1)
bullseye: open
forky: resolved (fixed in 137.0.7151.103-1)
sid: resolved (fixed in 137.0.7151.103-1)
trixie: resolved (fixed in 137.0.7151.103-1)
OSV
CVE-2025-5959: Type Confusion in V8 in Google Chrome prior to 137
osv·2025-06-11·CVSS 8.8
CVE-2025-5959 [HIGH] CVE-2025-5959: Type Confusion in V8 in Google Chrome prior to 137
Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
GHSA
GHSA-22v5-q59j-h85m: Type Confusion in V8 in Google Chrome prior to 137
ghsa_unreviewed·2025-06-11
CVE-2025-5959 [HIGH] CWE-843 GHSA-22v5-q59j-h85m: Type Confusion in V8 in Google Chrome prior to 137
Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
No detection rules found.
No public exploits indexed.
Published: 2025-06-11