PT-2025-34809 · Google +3 · Google Chrome +3

Published: 2025-08-11 · Updated: 2025-11-21 · CVE-2025-9478

CVSS v2.0: 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 139.0.7258.154
Chromium versions prior to 139.0.7258.154-1deb12u1 (bookworm)
Chromium versions prior to 139.0.7258.154-1deb13u1 (trixie)
Chromium version 140.0.7339.80-alt0.p11.1

Description

A critical issue exists in the ANGLE graphics library used by Google Chrome and Chromium. This flaw is a use-after-free condition, which could allow a remote attacker to potentially exploit heap corruption through a specially crafted HTML page. The vulnerability was discovered by Google’s AI agent, Big Sleep. Exploitation of this issue may lead to arbitrary code execution.

Recommendations

Google Chrome versions prior to 139.0.7258.154: Update to version 139.0.7258.154 or later.
Chromium versions prior to 139.0.7258.154-1deb12u1 (bookworm): Upgrade to version 139.0.7258.154-1deb12u1 or later.
Chromium versions prior to 139.0.7258.154-1deb13u1 (trixie): Upgrade to version 139.0.7258.154-1deb13u1 or later.
Chromium version 140.0.7339.80-alt0.p11.1: No specific action is required as this is the updated version.

Fix

RCE

Use After Free

Weakness Enumeration

Related Identifiers

ALT-PU-2025-11532
BDU:2025-10882
CVE-2025-9478
DSA-5988-1

Affected Products

Alt Linux
Debian
Google Chrome
Red Os