CVE-2025-8901
Google · Chrome
An out-of-bounds write vulnerability exists in the ANGLE graphics component of Google Chrome prior to version 139.
Executive summary
A high-severity out-of-bounds write vulnerability in Google Chrome's ANGLE component could lead to arbitrary code execution or browser crashes.
Vulnerability
This is an out-of-bounds write vulnerability within the ANGLE (Almost Native Graphics Layer Engine) component, which can be triggered when processing malformed graphics data.
Business impact
With a CVSS score of 8.8, this flaw poses a significant risk to endpoint security. Successful exploitation could allow a remote attacker to execute arbitrary code within the context of the browser, potentially leading to data theft, malware installation, or system-wide compromise.
Remediation
Immediate Action: Update all Google Chrome installations to version 139 or the latest available security release.
Proactive Monitoring: Monitor for browser-related crashes or unexpected process behavior that may indicate attempts to exploit graphics rendering components.
Compensating Controls: Utilize browser-based security policies, such as limiting the execution of untrusted scripts or using hardened browser configurations, to reduce the attack surface.
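To confirm the update has reached every endpoint, the following added example (not part of the original advisory) audits an inventory of reported Chrome version strings against the fixed major version 139. The `host,version string` inventory format, the host names and the build numbers are constructed assumptions; the advisory gives only the major version, so only the major is compared.

```python
import re

# The advisory names only the major version, so the check compares majors.
FIXED_MAJOR = 139

# Matches a four-part dotted version such as "138.0.1000.10" (constructed).
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def chrome_major(version_text):
    """Return the major version from a Chrome version string, or None."""
    match = VERSION_RE.search(version_text)
    return int(match.group(1)) if match else None


def audit(inventory_lines):
    """Classify 'host,version string' lines as patched, vulnerable or unknown."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, version_text = line.partition(",")
        major = chrome_major(version_text)
        if major is None:
            # Missing or unparseable version: flag for follow-up,
            # never count it as patched.
            report["unknown"].append(host)
        elif major < FIXED_MAJOR:
            # Integer comparison: a string compare would rank "99" above "139".
            report["vulnerable"].append(host)
        else:
            report["patched"].append(host)
    return report


# Constructed sample inventory (hosts and build numbers are made up).
SAMPLE_INVENTORY = """\
# host,reported version
ws-001,Google Chrome 138.0.1000.10
ws-002,Google Chrome 139.0.1000.20
ws-003,Google Chrome 140.0.1000.5 beta
ws-004,not installed
kiosk-7,Google Chrome 99.0.1000.1
""".splitlines()

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts listed as unknown need manual follow-up, since a missing version string does not show that Chrome is absent or patched.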
Exploitation status
Public Exploit Available: false
Analyst recommendation
Browser-based vulnerabilities are high-value targets for attackers. Users and administrators should ensure that Chrome is updated to the specified patched version immediately to mitigate the risk of remote code execution.