CVE-2025-8901

Google · Chrome

An out-of-bounds write vulnerability exists in the ANGLE graphics component of Google Chrome prior to version 139.

Executive summary

A high-severity out-of-bounds write vulnerability in Google Chrome's ANGLE component could lead to arbitrary code execution or browser crashes.

Vulnerability

This is an out-of-bounds write vulnerability within the ANGLE (Almost Native Graphics Layer Engine) component, which can be triggered when processing malformed graphics data.

Business impact

With a CVSS score of 8.8, this flaw poses a significant risk to endpoint security. Successful exploitation could allow a remote attacker to execute arbitrary code within the context of the browser, potentially leading to data theft, malware installation, or system-wide compromise.

Remediation

Immediate Action: Update all Google Chrome installations to version 139 or the latest available security release.

Proactive Monitoring: Monitor for browser-related crashes or unexpected process behavior that may indicate attempts to exploit graphics rendering components.

Compensating Controls: Utilize browser-based security policies, such as limiting the execution of untrusted scripts or using hardened browser configurations, to reduce the attack surface.
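A fleet check for the Immediate Action above, as an added example that is not part of the original advisory: it sorts hosts from a constructed `host,version` inventory into vulnerable, patched and unknown against the fixed major version 139. The inventory format, host names and function names are assumptions, and only the major version is compared because the advisory names no specific build.

```python
import re

# Assumption: the advisory states only "prior to version 139", so the check
# compares the major version; no specific patched build number is assumed.
FIXED_MAJOR = 139

# Matches a four-part dotted version, as printed by `chrome --version`.
VERSION_RE = re.compile(r"\b(\d{1,4})\.(\d+)\.(\d+)\.(\d+)\b")

# Constructed sample inventory (host, reported version string); not real data.
SAMPLE_INVENTORY = """\
ws-001,Google Chrome 138.0.0.0
ws-002,Google Chrome 139.0.0.0
ws-003,Google Chrome 140.0.0.0 beta
ws-004,
ws-005,Google Chrome 99.0.0.0
ws-006,version unknown (agent error)
"""

def classify(version_text):
    """Return 'vulnerable', 'patched' or 'unknown' for one version string."""
    match = VERSION_RE.search(version_text)
    if not match:
        return "unknown"  # never assume patched when the version is unreadable
    major = int(match.group(1))  # numeric compare: as strings, "99" > "139"
    return "vulnerable" if major < FIXED_MAJOR else "patched"

def audit(inventory_text):
    """Group hosts by status from 'host,version' lines."""
    report = {"vulnerable": [], "patched": [], "unknown": []}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, version_text = line.partition(",")
        report[classify(version_text)].append(host.strip())
    return report

if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY)
    for status in ("vulnerable", "unknown", "patched"):
        print(f"{status:10} {', '.join(result[status]) or '-'}")
```

Hosts reported as unknown should be followed up rather than counted as patched, since a missing or unreadable version often means the inventory agent itself failed.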

Exploitation status

Public Exploit Available: false

Analyst recommendation

Browser-based vulnerabilities are high-value targets for attackers. Users and administrators should ensure that Chrome is updated to the specified patched version immediately to mitigate the risk of remote code execution.