CVE-2025-12428

HIGH

Google Chrome < 142.0.7444.59 - Type Confusion in V8

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-12428. PoCs published by dexterm300.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2025-12428, a type confusion vulnerability in the V8 JavaScript engine. The exploit includes both basic and advanced techniques to trigger the vulnerability, potentially leading to heap corruption and arbitrary code execution.

Description

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Exploits (1)

github WORKING POC 4 stars
by dexterm300 · javascriptpoc
https://github.com/dexterm300/cve-2025-12428-exploit-poc

This repository contains a functional proof-of-concept exploit for CVE-2025-12428, a type confusion vulnerability in the V8 JavaScript engine. The exploit includes both basic and advanced techniques to trigger the vulnerability, potentially leading to heap corruption and arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Google Chrome < 142.0.7444.59, Microsoft Edge (Chromium-based) < latest update
No auth needed
Prerequisites: Vulnerable version of Chrome or Edge · Isolated test environment
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 8.8
EPSS 0.0681
EPSS Percentile 93.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-843
Status published
Products (1)
google/chrome < 142.0.7444.59
Published Nov 10, 2025
Tracked Since Feb 18, 2026