—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Multiple Vulnerabilities in Google Chrome for Desktop 

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Google Chrome versions prior to 139.0.7258.127/.128 for Windows and Mac

Google Chrome versions prior to 139.0.7258.127 for Linux

Overview

Multiple vulnerabilities have been reported in Google Chrome for Desktop, which could be exploited by a remote attacker to execute arbitrary code, obtain sensitive information or cause denial of service condition on the targeted system.

Target Audience:

All end-user organizations and individuals using Google Chrome for Desktop.

Risk Assessment:

Unauthorized access to sensitive data and system instability.

Impact Assessment:

Potential for data theft and system crash.

Description

Google Chrome is a internet browser that is used for accessing the information available on the World Wide Web. It is designed for use on desktop computers, such as those running on Windows, macOS, or Linux operating systems.

These vulnerabilities exist in Google chrome for Desktop due to Heap buffer overflow in libaom, Race condition in V8, Out of bounds write in ANGLE, Inappropriate implementation in File Picker and Use after free in Aura. A remote attacker could exploit these vulnerabilities by persuading a victim to visit a specially crafted request.

Successful exploitation of these vulnerabilities could allow a remote attacker to execute arbitrary code, obtain sensitive information or cause denial of service condition.

Solution

Apply appropriate updates as mentioned by the vendor:

https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html

Vendor Information

Google

https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html

References

Google

https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop_12.html

CVE Name

CVE-2025-8879

CVE-2025-8880

CVE-2025-8901

CVE-2025-8881

CVE-2025-8882

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmid8j8ACgkQ3jCgcSdc

ys8KJRAAlbz8lUWMmntFSqFnGNbtego9g5wIg2a/rgrrQhVGHq8MzOoFu+htFFco

E88WO0M/jai52n6zppUDy8wqrYy5ueeE9wEFgNNnJp7i7I+vTZZsGf3jNjGpbqS1

SZ9Vx2+McqhH90D1SA3s11BniaOLcidgM45aQDsxrvzhpJFSeEHdqpUrnm4ISnPZ

aJoOnvYjz92/1Y2GYAP9rY6og4HtnMjOiPaQ9kLVF25VbssphcWwdwbMwrj4d/V3

7DW+bys1vNjaaQVwxad36Tf5LbbEkayFBGYIxTFle7DDZrVm7dfeadpPWCmKu2US

MHpEmhUkjXNlzgDsYNnJQwZKi+nTAqWcci3beHTbyyVDdEg7zAsdH6ONUOkGOtiI

TAnpDRyrota7bt4q6B4mlg7niUHPl+aHQ8TLLJDrDLskY6c7IkHBJ+EiBzC2IQ7c

RFG2H6mFUEZgffvAR9Jun1P0UtNZp/lTfq3ESl/CT2/fvcQKuZlIpXHsDZmiWT1h

TPocsxV0sEgbWGRHcp5Futp16C2XW2UL5aE+y4Hh6xQ0RISFZHJqWw9wkam6QKN2

sLpj25uny8iRwdGWeavEO0ZB97t2Qs8zzSl29GgmOsAVlPWU6+CnNwZmZeez2faK

ISu0TfnwJ5YxYVMnxGreQHfQlwk6CehQU4Jx+k6TGLWwAYQ3g6w=

=PVd6

—–END PGP SIGNATURE—–