CVE-2025-12440

Published: Nov 10, 2025Modified: Nov 13, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.6 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)

Affected (1)

Products: Google: Chrome

1 product

Configuration A

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 142.0.7444.59

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Related CWEs

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (2)

https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

Source: chrome-cve-admin@google.com

Release NotesVendor Advisory

https://issues.chromium.org/issues/430555440

Source: chrome-cve-admin@google.com

Issue TrackingPermissions Required

Timeline

No history available yet.