CVE-2025-0999: Heap-based Buffer Overflow in Google Chrome

Severity: 8.8 HIGH (NVD)
EPSS: 0.7% (top 27.59%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 19; Latest update Feb 16

Description

Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (6 packages)

CVEListV5  google/chrome  133.0.6943.126  133.0.6943.126
NVD  google/chrome  < 133.0.6943.126
Debian  chromium/chromium  < 133.0.6943.126-1~deb12u1  (+2)
Go  github.com/mattermost_mattermost-server  < 5.3.2-0.20251212052346-61651b0df7ea  (+3)
Go  github.com/mattermost_mattermost_server_v8  < 8.0.0-20251212052346-61651b0df7ea

🔴 Vulnerability Details (4)

GHSA: Mattermost fails to properly validate login method restrictions (2026-02-16)
CVEList: CVE-2025-0999: Heap buffer overflow in V8 in Google Chrome prior to 133 (2025-02-19)
OSV: CVE-2025-0999: Heap buffer overflow in V8 in Google Chrome prior to 133 (2025-02-19)
GHSA: GHSA-f2jv-hxph-r5wm: Heap buffer overflow in V8 in Google Chrome prior to 133 (2025-02-19)

📋 Vendor Advisories (4)

Palo Alto: PAN-SA-2025-0007 Chromium: Monthly Vulnerability Update (March 2025) (2025-03-12)
Chrome: Stable Channel Update for Desktop: CVE-2025-0999 (2025-02-18)
Microsoft: Chromium: CVE-2025-0999 Heap buffer overflow in V8 (2025-02-11)
Debian: CVE-2025-0999: chromium - Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a re... (2025)