CVE-2025-11207 - Vulnerability Details

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Apple	Macos
Google	Chrome
Linux	Linux Kernel
Microsoft	Windows

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:linux:linux_kernel:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

No data.

References

Link	Providers
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html
https://issues.chromium.org/issues/428189824
https://nvd.nist.gov/vuln/detail/CVE-2025-11207
https://www.cve.org/CVERecord?id=CVE-2025-11207

History

Thu, 13 Nov 2025 15:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Apple Apple macos Linux Linux linux Kernel Microsoft Microsoft windows
CPEs		cpe:2.3:a:google:chrome:::::::: cpe:2.3:o:apple:macos:-:::::::* cpe:2.3:o:linux:linux_kernel:-:::::::* cpe:2.3:o:microsoft:windows:-:::::::*
Vendors & Products		Apple Apple macos Linux Linux linux Kernel Microsoft Microsoft windows

Wed, 12 Nov 2025 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125
Metrics	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}`	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N'}`

Wed, 12 Nov 2025 00:15:00 +0000

Type	Values Removed	Values Added
Title		chromium-browser: Side-channel information leakage in Storage
Weaknesses		CWE-515
References		https://nvd.nist.gov/vuln/detail/CVE-2025-11207 https://www.cve.org/CVERecord?id=CVE-2025-11207
Metrics	threat_severity `None`	cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N'}` threat_severity `Moderate`

Fri, 07 Nov 2025 11:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google chrome
Vendors & Products		Google Google chrome

Thu, 06 Nov 2025 22:15:00 +0000

Type	Values Removed	Values Added
Description		Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
Weaknesses		CWE-1300
References		https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_30.html https://issues.chromium.org/issues/428189824

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2025-11-06T22:08:53.752Z

Updated: 2025-11-12T20:58:56.904Z

Reserved: 2025-09-30T21:50:11.895Z

Link: CVE-2025-11207

Vulnrichment

Updated: 2025-11-12T20:58:52.596Z

NVD

Status : Analyzed

Published: 2025-11-06T22:15:38.607

Modified: 2025-11-13T15:30:46.703

Link: CVE-2025-11207

Redhat

Severity : Moderate

Publid Date: 2025-11-06T22:08:53Z

Links: CVE-2025-11207 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object