CVE-2025-0995
Published: 15 February 2025
Description
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Security Summary
CVE-2025-0995 is a use-after-free vulnerability (CWE-416) in the V8 JavaScript and WebAssembly engine within Google Chrome versions prior to 133.0.6943.98. This flaw allows a remote attacker to potentially exploit heap corruption through a crafted HTML page. The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), classified as high severity by Chromium security standards.
A remote attacker can exploit this vulnerability by tricking a user into visiting a malicious website or interacting with a crafted HTML page, requiring user interaction but no special privileges. Successful exploitation could lead to heap corruption, potentially enabling arbitrary read/write access to memory, code execution, or other severe impacts on confidentiality, integrity, and availability within the browser's renderer process.
Google's stable channel update, detailed in the Chrome Releases blog post at https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html, fixes this issue in Chrome 133.0.6943.98 and later. Additional technical details are available in the Chromium issue tracker at https://issues.chromium.org/issues/391907159. Security practitioners should prioritize updating Chrome installations and advise users to avoid untrusted web content until the update is applied.
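To support the update prioritization described above, the following added example (not part of the original advisory or any Google tooling) triages an endpoint inventory against the fixed version 133.0.6943.98. The hostnames, the sample version strings and the inventory format (hostname mapped to a reported Chrome version string) are constructed assumptions.

```python
import re

# Fixed version taken from the advisory text above.
FIXED = (133, 0, 6943, 98)

# Chrome versions are four dot-separated integers: MAJOR.MINOR.BUILD.PATCH.
# search() lets us accept a bare version or a longer string containing one.
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return a 4-tuple of ints, or None if no full Chrome version is present."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(version_text, fixed=FIXED):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported version."""
    v = parse_version(version_text)
    if v is None:
        # Truncated or malformed reports need manual follow-up, not a guess.
        return "unknown"
    # Tuple comparison is numeric per component, so 133.0.6943.126 sorts after
    # 133.0.6943.98; a plain string comparison would get this wrong.
    return "vulnerable" if v < fixed else "patched"


def triage(inventory):
    """Group hosts by status; inventory maps hostname -> reported version."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        result[classify(version)].append(host)
    return result


# Constructed sample inventory (hypothetical hostnames and version strings).
SAMPLE_INVENTORY = {
    "ws-001": "133.0.6943.98",
    "ws-002": "133.0.6943.53",
    "ws-003": "133.0.6943.126",
    "ws-004": "Google Chrome 132.0.6834.160",
    "ws-005": "134.0.6998.35",
    "ws-006": "Google Chrome 133",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:10s} {', '.join(hosts) or '-'}")
```

Hosts reported as "unknown" should be re-inventoried rather than assumed patched.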
Details
- CWE(s)