CVE-2025-0995 — Use After Free in Google Chrome

CWE-416 — Use After Free CWE-787 — Out-of-bounds Write14 documents8 sources

Severity

8.8HIGHNVD

OSV7.8

EPSS

0.3%

top 48.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedFeb 15

Latest updateApr 29

Description

Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome133.0.6943.98 — 133.0.6943.98

▶NVDgoogle/chrome< 133.0.69943.98

▶Debianchromium/chromium< 133.0.6943.98-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

OSV

linux-aws-5.15 vulnerabilities↗2025-04-29

▶

OSV

linux-oracle-5.15 vulnerabilities↗2025-04-25

▶

OSV

linux-intel-iot-realtime, linux-realtime vulnerabilities↗2025-04-24

▶

OSV

linux-aws-fips, linux-fips, linux-gcp-fips vulnerabilities↗2025-04-24

▶

OSV

linux-azure-fips vulnerabilities↗2025-04-24

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0007 Chromium: Monthly Vulnerability Update (March 2025)↗2025-03-12

▶

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0995↗2025-02-21

▶

Microsoft

Chromium: CVE -2025-0995 Use after free in V8↗2025-02-11

▶

Debian

CVE-2025-0995: chromium - Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote at...↗2025

▶

Microsoft

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state potentially allowing a local user t↗2022-03-08

▶