Google Chrome PDFium Out-of-Bounds Read Vulnerability Allowing Memory Access

Vulnerability

A medium-severity out-of-bounds read vulnerability has been identified in the PDFium library used by Google Chrome. It affects Chrome versions prior to 134.0.6998.35. A remote attacker can potentially access memory outside the intended bounds by means of a crafted PDF file.

Impact

Exploitation of this vulnerability could lead to a memory access violation, causing a crash or potentially allowing for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by downloading the latest AddressSanitizer (ASan) build of Chrome and running it with the 'no-sandbox' option. A crafted PDF file must be served from a local web server and opened in that Chrome instance.

Remediation

Users should update to Google Chrome version 134.0.6998.35 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.