EXECUTIVE SUMMARY:
CVE-2025-11205: A heap buffer overflow in the WebGPU component of Chromium-based browsers could allow an attacker to execute arbitrary code or crash the browser. This vulnerability has been assigned a CVSS score of 9.8.
CVE-2025-11206: A heap buffer overflow in the Video component of Chromium-based browsers may enable an attacker to execute arbitrary code or cause a denial of service. This vulnerability has been assigned a CVSS score of 9.8.
CVE-2025-11207: A side-channel information leakage in the Storage component of Chromium-based browsers could allow an attacker to access sensitive data through indirect means. This vulnerability has been assigned a CVSS score of 7.5.
CVE-2025-11208: An inappropriate implementation in the Media component of Chromium-based browsers might lead to unexpected behavior or security issues. This vulnerability has been assigned a CVSS score of 9.8.
CVE-2025-11209: An inappropriate implementation in the Omnibox feature of Chromium-based browsers could result in security restrictions being bypassed.
CVE-2025-11212: Like CVE-2025-11208, this vulnerability involves an inappropriate implementation in the Media component of Chromium-based browsers.
CVE-2025-11213: This vulnerability pertains to an inappropriate implementation in the Omnibox feature of Chromium-based browsers, potentially leading to security issues. This vulnerability has been assigned a CVSS score of 9.8.
CVE-2025-11215: An off-by-one error in the V8 engine used by Chromium-based browsers could lead to arbitrary code execution. This vulnerability has been assigned a CVSS score of 9.1.
CVE-2025-11219: A security restriction bypass in the Omnibox feature of Chromium-based browsers might allow attackers to circumvent security measures.
RECOMMENDATION:
We strongly recommend you update Chrome to versions 141.0.7390.54 for Linux and 141.0.7390.54/55 for Windows.
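One way to check an inventory against the fixed builds named above (an added example, not part of the original advisory). It assumes inventory records carry a platform name and a version string such as the one printed by `chrome --version`; the hostnames and sample versions are constructed.

```python
import re

# Fixed builds taken from the RECOMMENDATION above. Windows is listed as
# 141.0.7390.54/55, so .54 is the lowest patched build on both platforms.
FIXED = {"linux": (141, 0, 7390, 54), "windows": (141, 0, 7390, 54)}

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(platform, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for one inventory record."""
    fixed = FIXED.get(platform.lower())
    version = parse_version(version_text)
    if fixed is None or version is None:
        return "unknown"  # never treat an unparsed or unlisted record as patched
    # Tuples compare numerically per component; comparing the raw strings
    # would rank "141.0.7390.9" above "141.0.7390.54".
    return "patched" if version >= fixed else "vulnerable"

def audit(records):
    """Map hostname -> status for (hostname, platform, version_text) records."""
    return {host: classify(platform, text) for host, platform, text in records}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("ws-001", "windows", "Google Chrome 141.0.7390.55"),
    ("ws-002", "windows", "Google Chrome 141.0.7390.9"),
    ("lx-001", "linux", "Google Chrome 141.0.7390.54 "),
    ("lx-002", "linux", "Google Chrome 140.0.7339.207"),
    ("mac-001", "macos", "Google Chrome 141.0.7390.54"),  # no macOS build listed above
    ("ws-003", "windows", "version query failed"),
]

if __name__ == "__main__":
    for host, status in sorted(audit(SAMPLE).items()):
        print(f"{host}: {status}")
```

Records that come back as unknown (a platform the recommendation does not list, or a version that could not be read) need manual follow-up rather than being counted as patched.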
REFERENCES:
The following reports contain further technical details: