As reported by HackRead, a significant security flaw discovered in the WebXR technology, which underpins most of the world's web browsers, placed over 4 billion devices at risk of potential data leaks. The vulnerability, rated medium severity, affects all major browsers built on the Chromium codebase.The WebXR leak, identified by autonomous security specialist AISLE in October 2025, was found to have been present for seven months. The flaw stems from an issue in how the code handles data during 3D transformations, leading to the accidental reading of 64 extra bytes of adjacent memory. This could expose sensitive pointer data, allowing attackers to bypass security measures. However, exploitation requires a user to interact with a malicious page, such as initiating a VR session. Given that Chromium-based browsers command over 70% of the global market, the potential impact was widespread, affecting virtually all Windows laptops and Android phones.Google responded swiftly, issuing a fix within 24 hours of responsible disclosure. The stable version of Chrome was updated 13 days later. While the vulnerability (CVE-2025-12443) is now patched, users must update their browsers immediately. This incident highlights the security complexities introduced by emerging technologies like VR and AR.Source: HackRead
Security Operations, Vulnerability Management, Patch/Configuration Management
WebXR memory leak vulnerability patched

Adobe Stock
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



