Primary

Context

Google Chrome V8 Out-of-Bounds Memory Access Vulnerability Allowing Heap Corruption

Vulnerability

A high-severity out-of-bounds memory access vulnerability has been identified in the V8 JavaScript engine of Google Chrome. This issue affects Chrome versions prior to 132.0.6834.83. The vulnerability could allow a remote attacker to exploit heap corruption by sending a crafted HTML page.

Impact

Exploitation of this vulnerability leads to a type confusion error in the V8 engine, allowing for potential memory corruption in a sandboxed process, which could be exploited to execute arbitrary code.

Reproduction

The vulnerability can be reproduced using a JavaScript file (poc.js) that triggers the out-of-bounds memory access. This file can be executed with the V8 command-line tool (d8) that has been compiled with AddressSanitizer, a memory error detector.

Remediation

Users should update to Google Chrome version 132.0.6834.83 or later, where this vulnerability has been fixed.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.8

remediation

7.7

relevance

0.0

threat

6.6

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

9.0

impact

2.5

exploitability

5.8

remediation

7.7

relevance

0.0

threat

6.6

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Google Chrome V8 Out-of-Bounds Memory Access Vulnerability Allowing Heap Corruption

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Google V8

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating