CVE-2025-0434
Published: 15 January 2025
Description
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Security Summary
CVE-2025-0434 is an out-of-bounds memory access vulnerability in the V8 JavaScript and WebAssembly engine within Google Chrome versions prior to 132.0.6834.83. This flaw, classified under CWE-122 (Heap-based Buffer Overflow), enables potential heap corruption when processing a crafted HTML page. The issue carries a CVSS v3.1 base score of 8.8, rated as High severity by Chromium security standards.
A remote attacker can exploit this vulnerability by tricking a user into visiting a malicious website or opening a crafted HTML page. No privileges are required (PR:N), and the attack is accessible over the network (AV:N) with low complexity (AC:L), though it relies on user interaction (UI:R). Successful exploitation could result in high-impact confidentiality, integrity, and availability violations (C:H/I:H/A:H), potentially allowing arbitrary code execution or sandbox escape within the browser context.
Google's stable channel update for desktop, announced via the Chrome Releases blog, addresses this vulnerability in version 132.0.6834.83 and later. Additional details are tracked in the Chromium issue tracker at issues.chromium.org/issues/374627491. Security practitioners should prioritize updating affected Chrome installations to mitigate the risk.
Details
- CWE(s)