CVE-2025-0438

CVE-2025-0438 is a stack buffer overflow vulnerability in the Tracing component of Google Chrome versions prior to 132.0.6834.83. The flaw, classified under CWE-121, enables potential stack corruption when a remote attacker supplies a crafted HTML page. It carries a Chromium security severity rating of High and a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating significant risk due to its network accessibility and high impacts on confidentiality, integrity, and availability.

A remote attacker with no privileges can exploit this vulnerability by tricking a user into visiting a malicious website or interacting with a crafted HTML page. Successful exploitation could lead to arbitrary code execution through stack corruption, compromising the victim's browser instance and potentially the underlying system, depending on the attacker's payload and the user's context.

Google's stable channel update advisory at https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_14.html details the patch in Chrome 132.0.6834.83, recommending users update to this version or later to mitigate the issue. Additional technical details are available in the Chromium issue tracker at https://issues.chromium.org/issues/384186539.