CVE-2025-0434 — Heap-based Buffer Overflow in Google Chrome

CWE-122 — Heap-based Buffer Overflow CWE-79 — Cross-site Scripting8 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 36.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedJan 15

Latest updateFeb 12

Description

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome132.0.6834.83 — 132.0.6834.83

▶NVDgoogle/chrome< 132.0.6834.83

▶Debianchromium/chromium< 132.0.6834.83-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-fpmx-pfpg-92xg: Out of bounds memory access in V8 in Google Chrome prior to 132↗2025-01-15

▶

OSV

CVE-2025-0434: Out of bounds memory access in V8 in Google Chrome prior to 132↗2025-01-15

▶

CVEList

CVE-2025-0434: Out of bounds memory access in V8 in Google Chrome prior to 132↗2025-01-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)↗2025-02-12

▶

Chrome

Stable Channel Update for Desktop: CVE-2025-0434↗2025-01-14

▶

Microsoft

Chromium: CVE-2025-0434 Out of bounds memory access in V8↗2025-01-14

▶

Debian

CVE-2025-0434: chromium - Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowe...↗2025

▶