CVE-2025-0611

High

Published: 22 January 2025

Published

22 January 2025

Modified

18 April 2025

KEV Added

—

Patch

—

CVSS Score 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

EPSS Score 0.0064 70.6th percentile

Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Description

Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Security Summary

CVE-2025-0611 is an object corruption vulnerability in the V8 JavaScript engine within Google Chrome versions prior to 132.0.6834.110. The issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, as rated High severity by the Chromium security team. It carries a CVSS v3.1 base score of 8.2 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H) and is associated with CWE-122.

A remote attacker without privileges can exploit this vulnerability over the network with low complexity and no user interaction required, such as by luring a victim to visit a malicious website hosting the crafted HTML page. Exploitation could lead to heap corruption, enabling high availability impact alongside low integrity impact and no confidentiality impact.

Mitigation is addressed in the stable channel update documented at https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html, with the fix upstreamed in Chromium issue https://issues.chromium.org/issues/386143468. Security practitioners should ensure Google Chrome is updated to version 132.0.6834.110 or later.

Details

CWE(s): CWE-122

Affected Products

google

chrome

≤ 132.0.6834.110

References

https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html
Vendor Advisory · chrome-cve-admin@google.com
https://issues.chromium.org/issues/386143468
Issue Tracking, Permissions Required · chrome-cve-admin@google.com