Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
Loading...
Loading...
Score 8.8 from GitHub Security Advisory (severity: HIGH) published 2025-11-07. NVD baseline CVSS 8.8; sources differ by 0.0.
Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
November 6, 2025
November 25, 2025
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Every vendor that published an advisory referencing this CVE — pulled from our cve_vendor_advisories aggregation. Click any row for the vendor's original advisory page.
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Working exploit code is in the public domain (1 GitHub PoC). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
Chromium IndexedDB Use-After-Free RCE Vulnerability
Open source ↗Explore the affected products and dependency analysis for CVE-2025-11460
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.
msrc
CWE-416