CVE-2025-12725
📋 TL;DR
This vulnerability allows remote attackers to perform out-of-bounds memory writes via a crafted HTML page targeting Chrome's WebGPU implementation on Android. Attackers could potentially execute arbitrary code or cause browser crashes. Only Android users running vulnerable Chrome versions are affected.
💻 Affected Systems
- Google Chrome for Android
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
Learn more about Chrome →⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to full device compromise, data theft, or persistent malware installation.
Likely Case
Browser crashes, denial of service, or limited information disclosure from memory reads.
If Mitigated
No impact if patched or if WebGPU is disabled.
🎯 Exploit Status
Requires user to visit malicious webpage; no authentication needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 142.0.7444.137
Vendor Advisory: https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Google Play Store 2. Search for Chrome 3. Update to version 142.0.7444.137 or later 4. Restart Chrome
🔧 Temporary Workarounds
Disable WebGPU
androidTemporarily disable WebGPU feature in Chrome flags
chrome://flags/#enable-webgpu
Set to Disabled
🧯 If You Can't Patch
- Use alternative browsers without WebGPU support
- Enable Chrome's site isolation and sandboxing features
🔍 How to Verify
Check if Vulnerable:
Check Chrome version in Settings > About ChromeCheck Version:
chrome://version/Verify Fix Applied:
Confirm version is 142.0.7444.137 or higher📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports
- WebGPU-related errors in console
Network Indicators:
- Requests to known malicious domains hosting exploit code
SIEM Query:
source="chrome_crash_reports" AND version<"142.0.7444.137"