CVE-2025-11756
Published: 06 November 2025
Description
Adversaries may exploit software vulnerabilities in client applications to execute code.
Security Summary
CVE-2025-11756 is a use-after-free vulnerability (CWE-416) in the Safe Browsing component of Google Chrome prior to version 141.0.7390.107. This flaw, published on 2025-11-06, carries a CVSS v3.1 base score of 8.8 and is rated High severity by Chromium security standards. It enables potential out-of-bounds memory access when triggered by a crafted HTML page.
A remote attacker who has already compromised the renderer process can exploit this vulnerability. The attack requires network access (AV:N), low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R), with unchanged scope (S:U). Successful exploitation could result in high impacts to confidentiality, integrity, and availability (C:H/I:H/A:H).
Mitigation is available via the Google Chrome stable channel update to version 141.0.7390.107 or later, as announced in the Chrome Releases blog post and detailed in the associated Chromium issue tracker entry.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Use-after-free vulnerability in Google Chrome renderer process, triggered by crafted HTML page, enables remote code execution in a client application.