CVE-2025-0762
Published: 29 January 2025
Description
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Security Summary
CVE-2025-0762 is a use-after-free vulnerability (CWE-416) in the DevTools component of Google Chrome prior to version 132.0.6834.159. This flaw allows a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. The issue carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is rated Medium severity by Chromium security.
A remote attacker with no privileges can exploit this vulnerability by convincing a user to interact with a maliciously crafted Chrome Extension, for example by installing it or by using it when a webpage triggers it. Successful exploitation could result in heap corruption, enabling high-impact compromise of confidentiality, integrity, and availability, potentially leading to arbitrary code execution within the browser context.
Google has mitigated this vulnerability in Chrome stable channel version 132.0.6834.159. Security practitioners should advise users to update immediately to this version or later. Additional details are available in the Chrome Releases announcement at https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_28.html and the Chromium issue tracker at https://issues.chromium.org/issues/384844003.
Details
- CWE(s): CWE-416 (Use After Free)