Exploitation Summary
EIP tracks 1 public exploit for CVE-2025-0291. PoCs published by manus-use.
AI-analyzed exploit summary The repository contains functional exploit code for CVE-2025-0291, targeting a Chrome vulnerability. The exploit is written in JavaScript and demonstrates the vulnerability through a proof-of-concept script.
Description
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Exploits (1)
github
WORKING POC
by manus-use · postscriptpoc
https://github.com/manus-use/cve-pocs/tree/main/chrome-CVE-2025-0291
The repository contains functional exploit code for CVE-2025-0291, targeting a Chrome vulnerability. The exploit is written in JavaScript and demonstrates the vulnerability through a proof-of-concept script.
Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target:
Google Chrome (version not specified)
No auth needed
Prerequisites:
Target system with vulnerable Chrome version · Ability to execute JavaScript in the target environment
MITRE ATT&CK
devstral-2 · analyzed Feb 27, 2026
Full analysis →
References (2)
Core 2
Core References
Vendor Advisory
https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop.html
Permissions Required
https://issues.chromium.org/issues/383356864
Scores
CVSS v3
8.8
EPSS
0.1209
EPSS Percentile
94.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-843
Status
published
Products (1)
google/chrome
< 131.0.6778.264
Published
Jan 08, 2025
Tracked Since
Feb 18, 2026