Cyber Posture

CVE-2025-0612

High

Published: 22 January 2025

Modified: 18 April 2025
KEV Added
Patch
CVSS Score: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0086 (75.1th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Security Summary

CVE-2025-0612 is an out-of-bounds memory access vulnerability (CWE-125) in the V8 JavaScript engine within Google Chrome prior to version 132.0.6834.110. It allows potential heap corruption when processing a crafted HTML page, as reported with a Chromium security severity of High and a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A remote attacker can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. Exploitation via a malicious HTML page could result in heap corruption, primarily impacting availability through potential denial-of-service conditions.

Google addressed this issue in the stable channel update for desktop Chrome version 132.0.6834.110, as documented in the Chrome Releases blog (https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html) and the Chromium issue tracker (https://issues.chromium.org/issues/385155406). Security practitioners should prioritize updating affected browsers to mitigate the risk.

Details

CWE(s)
CWE-125

Affected Products

google chrome ≤ 132.0.6834.110
