CVE-2025-12910: 
Google Chrome vulnerability analysis and mitigation

A security vulnerability identified as CVE-2025-12910 affects Google Chrome versions prior to 140.0.7339.80. The vulnerability stems from an inappropriate implementation in the Passkeys feature, which could allow a local attacker to obtain potentially sensitive information through debug logs. This issue was discovered by Kamaraj Gandhirajan and Anoop Pandey and was reported on July 30, 2025 (Chrome Release).

The vulnerability has been assigned a CVSS v3.1 base score of 6.2 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The weakness is categorized under CWE-1295 (Debug Messages Revealing Unnecessary Information). The vulnerability requires local access but needs no privileges or user interaction to exploit (NVD, Ubuntu).

The vulnerability allows unauthorized access to potentially sensitive information through debug logs. While the attack requires local access, it can result in high confidentiality impact, though there are no direct impacts on system integrity or availability (Ubuntu).

The vulnerability has been patched in Google Chrome version 140.0.7339.80. Users are advised to update their Chrome installations to this version or later. Various Linux distributions have also released corresponding security updates, including Debian and Ubuntu (Debian).