CVE-2025-54957Integer Overflow or Wraparound in Google Chrome Chrome

CWE-190Integer Overflow or WraparoundCWE-787Out-of-bounds WriteCWE-502Deserialization of Untrusted Data12 documents8 sources
Severity
9.8CRITICALNVD
EPSS
0.0%
top 92.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
15
Google Chrome ChromeMsrc Windows 10Msrc Windows 10 Version 1607+12 more
Timeline
PublishedOct 20
Latest updateJan 14

Description

An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages15 packages

🔴Vulnerability Details

2
OSV
CVE-2025-54957: In multiple locations, there is a possible out of bounds write due to an integer overflow2026-01-01
GHSA
GHSA-rj4r-gj6w-jfgc: An issue was discovered in Dolby UDC 42025-10-20

📋Vendor Advisories

2
Chrome
Stable Channel Update for ChromeOS / ChromeOS Flex: CVE-2025-549572025-10-15
Microsoft
MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder2025-10-14

🕵️Threat Intelligence

7
Projectzero
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby2026-01-14
Projectzero
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?2026-01-14
Talos
Strings in the maze: Finding hidden strengths and gaps in your team2025-10-23
Talos
Strings in the maze: Finding hidden strengths and gaps in your team2025-10-23
Bleepingcomputer
Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws2025-10-14