CVE-2025-3619 — Heap-based Buffer Overflow in Google Chrome

CWE-122 — Heap-based Buffer Overflow10 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 68.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedApr 16

Latest updateMay 14

Description

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5google/chrome135.0.7049.95 — 135.0.7049.95

▶NVDgoogle/chrome< 135.0.7049.95

▶Debianchromium/chromium< 135.0.7049.95-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

CVEList

CVE-2025-3619: Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135↗2025-04-16

▶

GHSA

GHSA-qg97-xp64-p6pc: Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135↗2025-04-16

▶

OSV

CVE-2025-3619: Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135↗2025-04-16

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0009 Chromium: Monthly Vulnerability Update (May 2025)↗2025-05-14

▶

Chrome

Stable Channel Update for Desktop: CVE-2025-3619↗2025-04-15

▶

Microsoft

Chromium: CVE-2025-3619 Heap buffer overflow in Codecs↗2025-04-08

▶

Debian

CVE-2025-3619: chromium - Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.9...↗2025

▶

🕵️Threat Intelligence

Qualys

Safeguarding Vulnerability Management Despite MITRE Funding Risks | Qualys↗2025-04-16

▶

Qualys

Safeguarding Vulnerability Management Despite MITRE Funding Risks↗2025-04-16

▶