Google Chrome V8 Out-of-Bounds Read Vulnerability Allowing Heap Corruption

Vulnerability

A vulnerability in the V8 JavaScript engine of Google Chrome, present in versions prior to 133.0.6943.141, allows for an out-of-bounds read that could lead to heap corruption. This issue could be exploited by a remote attacker through a crafted HTML page.

Impact

Exploitation of this vulnerability could cause memory corruption in a sandboxed process or renderer, potentially allowing for further exploitation.

Reproduction

The vulnerability can be reproduced using a crafted JavaScript file that exploits the out-of-bounds read. This file can be executed with the V8 JavaScript engine using the 'd8' command-line tool, with the '--allow-natives-syntax' flag enabled. This process involves downloading a debug version of V8 that includes AddressSanitizer, a tool for detecting memory errors, and running it with the crafted JavaScript file as input.

Remediation

Users can update to Google Chrome version 133.0.6943.141 or later, where this vulnerability has been fixed.
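The advisory gives a single fixed version, so the practical check for a defender is a version comparison across an inventory: any Chrome build whose four-part version sorts below 133.0.6943.141 still carries the bug. The script below is an added example, not part of the advisory; the hostnames and versions in the inventory are constructed sample data, and the only fact taken from the page is the fixed version string.

```python
"""Flag Chrome installs that are older than the fixed release named in the advisory."""
from typing import Dict, List, Tuple

# Fixed version stated in the advisory (the only value here taken from the page).
FIXED_VERSION = "133.0.6943.141"


def parse_version(version: str) -> Tuple[int, int, int, int]:
    """Parse a dotted Chrome version (MAJOR.MINOR.BUILD.PATCH) into a 4-tuple of ints.

    Shorter strings such as "133.0" are padded with zeros so they compare
    as 133.0.0.0; anything non-numeric or with more than four parts is rejected.
    """
    parts = version.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a valid Chrome version string: {version!r}")
    nums = [int(p) for p in parts] + [0] * (4 - len(parts))
    return nums[0], nums[1], nums[2], nums[3]


def is_vulnerable(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` sorts strictly below the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def hosts_needing_update(inventory: Dict[str, str]) -> List[str]:
    """Return hostnames whose recorded Chrome version is still affected.

    Unparseable version strings are reported too, since an unknown version
    cannot be assumed safe; they are marked with a suffix for triage.
    """
    flagged: List[str] = []
    for host, version in sorted(inventory.items()):
        try:
            if is_vulnerable(version):
                flagged.append(host)
        except ValueError:
            flagged.append(f"{host} (unparseable version {version!r})")
    return flagged


# Constructed sample inventory (hostname -> reported Chrome version); not real data.
SAMPLE_INVENTORY = {
    "ws-01": "133.0.6943.141",   # exactly the fixed build: not affected
    "ws-02": "133.0.6943.140",   # one patch level below the fix: affected
    "ws-03": "132.0.6834.200",   # older major version: affected
    "ws-04": "134.0.6998.35",    # newer major version: not affected
    "ws-05": "unknown",          # bad inventory data: surfaced for triage
}

if __name__ == "__main__":
    for entry in hosts_needing_update(SAMPLE_INVENTORY):
        print(f"update required: {entry}")
```

Run it as-is to see the flagged hosts for the sample data, or replace `SAMPLE_INVENTORY` with versions pulled from your endpoint management tool; the comparison is numeric per component, so "133.0.6943.9" correctly sorts below "133.0.6943.141" where a plain string comparison would not.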

Added: Nov 14, 2025, 3:17 AM
Updated: Nov 14, 2025, 3:17 AM

Vulnerability Rating

Custom Algorithm
spread: 8.4
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 1.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.