Volerion logoVolerion
Volerion logoVolerion

Google Chrome DevTools Use-After-Free Vulnerability Allowing Heap Corruption via Crafted Extension

Vulnerability

A use-after-free vulnerability has been identified in the DevTools component of Google Chrome. This issue affects versions prior to 132.0.6834.159 and has been classified as medium severity. The vulnerability allows remote attackers to potentially exploit heap corruption by using a specially crafted Chrome extension.

Impact

Exploitation of this vulnerability leads to memory corruption in the renderer process, which could be exploited to execute arbitrary code.

Reproduction

The vulnerability can be reproduced by creating a Chrome extension that includes a manifest file and a background script. The extension must be loaded into Chrome using the command line, with the 'user-data-dir' option set to a non-existent directory and the 'no-sandbox' option enabled. This allows the extension to run with debugger permissions, triggering the use-after-free condition in DevTools.

Remediation

Users should update to Google Chrome version 132.0.6834.159 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
8.4
impact
10.0
exploitability
4.4
remediation
7.7
relevance
0.0
threat
6.4
urgency
2.9
incentive
0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.