Bug 2388152 (CVE-2025-8881)
| Summary: | CVE-2025-8881 chromium-browser: Chrome File Picker Cross-Origin Data Leak | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in chromium-browser. A coding error within the file picker component allows a remote attacker to trigger a cross-origin data leak by manipulating user interface gestures through a specially crafted HTML page. This manipulation allows the attacker to access data from other origins. The vulnerability requires user interaction to trigger the data leak. Consequently, an attacker can expose sensitive information.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2388159, 2388160 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-08-13 04:01:35 UTC
|