Primary

Context

Google Chrome File Picker Cross-Origin Data Leak Vulnerability

Vulnerability

Patched

A vulnerability in the File Picker component of Google Chrome has been identified, allowing remote attackers to leak cross-origin data. This issue affects Google Chrome versions prior to 139.0.7258.127. The vulnerability arises from an inappropriate implementation that enabled data leakage through a crafted HTML page, provided the user engaged in specific UI gestures.

Impact

Exploitation of this vulnerability could lead to unauthorized cross-origin data leakage.

Remediation

Users can update to Google Chrome version 139.0.7258.127 or later to address this vulnerability.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

8.4

impact

0.6

exploitability

4.4

remediation

7.7

relevance

0.4

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Chrome File Picker Cross-Origin Data Leak Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Google Chrome

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating