CVE-2025-0438 — Stack-based Buffer Overflow in Google Chrome

CWE-121 — Stack-based Buffer Overflow CWE-79 — Cross-site Scripting8 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 41.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedJan 15

Latest updateFeb 12

Description

Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome132.0.6834.83 — 132.0.6834.83

▶NVDgoogle/chrome< 132.0.6834.83

▶Debianchromium/chromium< 132.0.6834.83-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-hmr8-hjfx-jp32: Stack buffer overflow in Tracing in Google Chrome prior to 132↗2025-01-15

▶

OSV

CVE-2025-0438: Stack buffer overflow in Tracing in Google Chrome prior to 132↗2025-01-15

▶

CVEList

CVE-2025-0438: Stack buffer overflow in Tracing in Google Chrome prior to 132↗2025-01-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)↗2025-02-12

▶

Chrome

Long Term Support Channel Update for ChromeOS: CVE-2025-0438↗2025-02-07

▶

Microsoft

Chromium: CVE-2025-0438 Stack buffer overflow in Tracing↗2025-01-14

▶

Debian

CVE-2025-0438: chromium - Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed...↗2025

▶