CVE-2025-0999
Published: 19 February 2025
Description
Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Security Summary
CVE-2025-0999 is a heap buffer overflow vulnerability (CWE-122) in V8, the JavaScript and WebAssembly engine in Google Chrome, affecting versions prior to 133.0.6943.126. The flaw allows heap corruption when a crafted HTML page is processed. Chromium rates its security severity as High, and the CVSS v3.1 base score is 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). Users running Chrome stable channel releases earlier than 133.0.6943.126 are affected.
A remote attacker can exploit this vulnerability by tricking a user into visiting a malicious website that contains the crafted HTML page. Exploitation requires user interaction but no special privileges. Successful exploitation could lead to high-impact consequences, including arbitrary code execution, data theft, or system compromise through heap corruption, potentially granting the attacker full control over the victim's browser process.
Google's stable channel update for desktop, detailed in the Chrome Releases blog at https://chromereleases.googleblog.com/2025/02/stable-channel-update-for-desktop_18.html, addresses the issue in version 133.0.6943.126 and later. Additional technical details are available in the Chromium issue tracker at https://issues.chromium.org/issues/394350433. Security practitioners should advise users to update Chrome immediately and enable automatic updates to mitigate exposure.
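To act on the update advice across many machines, the following added example (not part of the original advisory or of any Google tooling) classifies reported Chrome versions against the fixed release 133.0.6943.126. The hostnames, the sample version strings and the idea of collecting `google-chrome --version` output into an inventory are assumptions made for illustration.

```python
# Added example: flag Chrome installs that predate the fix for CVE-2025-0999.
import re

FIXED = (133, 0, 6943, 126)  # first fixed version, taken from the advisory text

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return a 4-tuple of ints from a Chrome version string, or None."""
    m = _VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text, fixed=FIXED):
    """Return 'vulnerable', 'patched' or 'unknown' for one reported version."""
    v = parse_version(text)
    if v is None:
        return "unknown"  # no parseable version: needs manual follow-up
    # Tuples compare numerically, field by field. Comparing the raw strings
    # would wrongly rank "133.0.6943.98" above "133.0.6943.126".
    return "vulnerable" if v < fixed else "patched"


def triage(inventory):
    """Group hostnames by status. inventory: iterable of (host, version_text)."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, text in inventory:
        result[classify(text)].append(host)
    return result


# Constructed sample inventory (hostnames and version strings are made up),
# shaped like `google-chrome --version` output gathered from each host.
SAMPLE = [
    ("ws-01", "Google Chrome 133.0.6943.126"),
    ("ws-02", "Google Chrome 133.0.6943.98"),
    ("ws-03", "132.0.6834.160"),
    ("ws-04", "Google Chrome 134.0.6998.35"),
    ("ws-05", ""),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` group returned no parseable version and should be checked by hand rather than assumed patched.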
Details
- CWE(s)