WebXR Flaw Hits 4 Billion Chromium Users, Update Your Browser Now

Cybersecurity startup AISLE discovered a Medium severity flaw in the WebXR component of Chrome, Edge, and other Chromium browsers. Over 4 billion devices were at risk. Update now.

HackRead

A serious security vulnerability was recently discovered in the underlying code of most of the world’s web browsers, putting over 4 billion devices at risk of a data leak.

Autonomous security specialist AISLE discovered this flaw and rated it Medium severity (4.3). It affects all major browsers built on the Chromium code base, including Google Chrome, Microsoft Edge, Brave, and Opera.

**The WebXR Leak**

The problem lies in WebXR, a tool that allows websites to run Virtual Reality (VR) and Augmented Reality (AR) experiences directly in your browser. AISLE’s autonomous analyser found the flaw in October 2025, confirming it had been hidden in the code for seven months.

The technical glitch was subtle: the code failed to properly handle a tiny piece of data during a 3D transformation. This caused the browser to accidentally read 64 extra bytes of adjacent memory in the background.

Blog author Stanislav Fort explained that the leaked values “exposed nearby heap memory, including pointer data,” which attackers could use to bypass security measures. However, an attacker needs the user to interact with a specific malicious page (like clicking to start a VR session) to trigger the data leak.

**Google’s Quick Response**

The potential impact was massive, given that Chromium-based browsers account for over 70% of the global market, with Google Chrome alone running on over 3 billion devices. Virtually every Windows laptop, Android phone, and countless other devices were vulnerable.

Thankfully, Google acted fast. After AISLE responsibly disclosed the issue on October 15, 2025, Google “pushed a fix within 24 hours.” The stable version of Chrome was updated just 13 days later, on October 28, 2025, reflecting their quick security approach.

**What You Need to Do**

The vulnerability (CVE-2025-12443) has been patched, but you must update your browser immediately to protect sensitive information. This includes updating:

  • Chrome (to version 142.0.7444.59 or later)
  • Microsoft Edge, Brave, Opera, and all other Chromium-based browsers.
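For anyone checking more than one machine, here is a version check against the fixed Chrome build named above. It is an added example, not code from the article or from AISLE; it assumes version strings in the `<product> <a.b.c.d>` shape that `google-chrome --version` prints, and the host names and inventory are constructed. Only Chrome is compared, because the article gives no fixed version number for Edge, Brave or Opera.

```python
import re

# Fixed Chrome build as stated in the article. Other Chromium-based
# browsers use their own version numbers, which the article does not give.
FIXED_CHROME = (142, 0, 7444, 59)

# "<product> <a.b.c.d>", the shape printed by `google-chrome --version`.
VERSION_RE = re.compile(r"^(?P<product>.+?)\s+(?P<ver>\d+\.\d+\.\d+\.\d+)$")


def classify(version_line):
    """Return 'patched', 'vulnerable' or 'unknown' for one version line."""
    m = VERSION_RE.match(version_line.strip())
    if not m or m.group("product").lower() != "google chrome":
        # Unparseable, or a browser whose fixed build is not on the page.
        return "unknown"
    # Compare numerically: as strings, "100" and "6" sort wrongly against "59".
    found = tuple(int(part) for part in m.group("ver").split("."))
    return "patched" if found >= FIXED_CHROME else "vulnerable"


def audit(inventory):
    """Group host names by status for a {host: version_line} inventory."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, line in sorted(inventory.items()):
        report[classify(line)].append(host)
    return report


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "ws-01": "Google Chrome 142.0.7444.59",
    "ws-02": "Google Chrome 142.0.7444.6",
    "ws-03": "Google Chrome 142.0.7444.100",
    "ws-04": "Microsoft Edge 142.0.3595.53",
    "ws-05": "",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `unknown` need checking against the advisory of that browser's own vendor.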

This WebXR flaw reminds us that new technologies like VR and AR create complex areas for mistakes. To secure your data, the simplest action is the most important: check your browser settings now and ensure automatic updates are turned on.
