CVE-2024-12695

Name of the Vulnerable Software and Affected Versions Chromium versions prior to 131.0.6778.204 Google Chrome versions prior to 131.0.6778.204 Microsoft Edge (affected versions not specified)

Description A vulnerability exists in the V8 JavaScript engine used by Google Chrome and Microsoft Edge browsers. This vulnerability is an out-of-bounds write issue that occurs during the processing of HTML content. Successful exploitation could allow a remote attacker to execute arbitrary code, cause a denial of service, or potentially gain further control over the affected system. Recent reports indicate that exploitation of this vulnerability, specifically CVE-2025-6554 (a use-after-free bug within V8), is actively occurring in the wild. A related vulnerability, CVE-2024-12695, allowed arbitrary read and write operations in memory through the Object.assign() function and was also actively exploited.

Recommendations Chromium versions prior to 131.0.6778.204: Upgrade to version 131.0.6778.204 or later. Google Chrome versions prior to 131.0.6778.204: Upgrade to version 131.0.6778.204 or later. Microsoft Edge (affected versions not specified): Upgrade to the latest available version.