Google Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*
- Affected versions: < 132.0.6834.83
A high-severity out-of-bounds read vulnerability has been identified in the Metrics component of Google Chrome, affecting versions prior to 132.0.6834.83. A remote attacker could potentially exploit heap corruption via a crafted HTML page.
Exploitation of this vulnerability can lead to a crash of the browser process, caused by an out-of-bounds read that disrupts normal memory operations.
The vulnerability can be reproduced by applying a specific patch to the Chrome renderer, building the release version of Chrome, and then opening and closing tabs in a way that triggers the out-of-bounds read. This can be done manually or by using a debugger to attach to the Chrome broker process.
Users can update to Google Chrome version 132.0.6834.83 or later to address this vulnerability.
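To check a fleet against the fixed version above, the comparison has to be numeric per component, since plain string comparison misorders four-part Chrome versions. The following is an added example, not part of the original advisory; the hostnames and sample version strings are constructed, and the function names are hypothetical.

```python
import re

# First fixed version, taken from the advisory text
FIXED = (132, 0, 6834, 83)

# Four dotted integers, not embedded in a longer dotted number
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)\.(\d+)(?![\d.])")


def parse_chrome_version(text):
    """Extract MAJOR.MINOR.BUILD.PATCH as an int tuple, or None if absent."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(text):
    """True if below the fixed version, False if at/above, None if unparseable."""
    version = parse_chrome_version(text)
    return None if version is None else version < FIXED


def triage(inventory):
    """Split {host: reported version string} into affected/patched/unknown."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, raw in sorted(inventory.items()):
        status = is_affected(raw)
        key = "unknown" if status is None else ("affected" if status else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hosts and versions are illustrative only)
SAMPLE = {
    "ws-01": "Google Chrome 131.0.6778.264",
    "ws-02": "Google Chrome 132.0.6834.83",
    "ws-03": "132.0.6834.9",   # string compare would rank this above .83
    "ws-04": "99.0.4844.51",   # string compare would rank this above 132.x
    "ws-05": "Google Chrome 132.0.6834.110",
    "ws-06": "not installed",  # unparseable: report, do not assume patched
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

Hosts in the "unknown" bucket need manual follow-up rather than being counted as patched.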