CVE-2025-12906 — Vulnetix

CVE-2025-12906 PUBLISHED CVSS 5.400000095367432 MEDIUM

Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

EPSS 0.05% · 17.2th percentile

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

EPSS Score

0.05%

17.2th percentile

Affected Products

Vendor	Product	Versions
Google	Chrome	140.0.7339.80
google	chrome	0

Exploit Intelligence

CIRCL seen: CVE-2025-12906 (circl-sighting)
https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html (circl)
https://issues.chromium.org/issues/428455319 (circl)

Timeline

Nov 7, 2025 CVE Published
Nov 8, 2025 EPSS Score
Nov 8, 2025 Coalition ESS Score
Nov 8, 2025 PoC Published
Nov 13, 2025 EPSS Score
Nov 19, 2025 EPSS Score
Nov 24, 2025 EPSS Score
Nov 29, 2025 EPSS Score
Dec 4, 2025 EPSS Score
Dec 10, 2025 EPSS Score
Dec 11, 2025 Coalition ESS Score
Dec 15, 2025 EPSS Score

References

Open in Interactive Console →