CVE-2025-48883

Chrome PHP allows users to start playing with chrome/chromium in headless mode from PHP. Prior to version 1.14.0, CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. This is patched in v1.14.0. As a workaround, users can apply encoding...

CVE-2025-48883

CVE-2025-48883 concerns the Chrome PHP package (chrome-php/chrome). The vulnerability arises because CSS Selector expressions are not properly encoded prior to version 1.14.0, which can enable a cross-site scripting (XSS) issue when interacting with headless Chrome/Chromium from PHP. The issue is...

GHSA-3432-FMRF-7VMH Chrome PHP is missing encoding in `CssSelector`

Impact CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. Patches This is patched in v1.14.0. Workarounds Users can apply encoding manually to their selectors, if they are unable to upgrade...

Chrome PHP is missing encoding in `CssSelector`

Impact CSS Selector expressions are not properly encoded, which can lead to XSS cross-site scripting vulnerabilities. Patches This is patched in v1.14.0. Workarounds Users can apply encoding manually to their selectors, if they are unable to upgrade...