What is CVE-2025-10890?

CVE-2025-10890 is a vulnerability in Google Chrome, classified under CWE-1300. Published 2025-09-24.

Is CVE-2025-10890 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Chrome

CVE-2025-10890

Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

EPSS: 0.001 (19.6th percentile) — read the EPSS interpretation.

Affected products

Google Chrome — versions 140.0.7339.207

Weakness classification (CWE)

CWE-1300

Public proof-of-concept exploits

ARPSyndicate/cve-scores
cyber-raavan/task3_
w4zu/Debian_

References

chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_23.html
issues.chromium.org/issues/430336833

Frequently asked questions

What is CVE-2025-10890?: CVE-2025-10890 is a vulnerability in Google Chrome, classified under CWE-1300. Published 2025-09-24.
Is CVE-2025-10890 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.