CVE-2025-0997

CVE-2025-0997 is a use-after-free vulnerability (CWE-416) in the Navigation component of Google Chrome prior to version 133.0.6943.98. This defect enables potential heap corruption when triggered by a crafted Chrome Extension. Published on 2025-02-15, it carries a CVSS v3.1 base score of 8.1 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) and is rated High severity by Chromium security.

A remote attacker can exploit this vulnerability without user privileges by luring a victim into some form of interaction, such as installing or interacting with a malicious Chrome Extension. Successful exploitation allows the attacker to achieve high-impact confidentiality and integrity violations through heap corruption, potentially enabling arbitrary memory read and write operations, though without direct denial-of-service effects.

Chrome's stable channel update to version 133.0.6943.98 resolves this issue, as detailed in the release notes at https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_12.html. Further technical details are available in the Chromium bug tracker at https://issues.chromium.org/issues/391666328. Security practitioners should prioritize updating affected Chrome installations to mitigate the risk.