CVE-2025-9132

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 139.0.7258.138 Chromium versions prior to 139.0.7258.138 Debian Chromium versions prior to 139.0.7258.138-1deb12u1 (bookworm) Debian Chromium versions prior to 139.0.7258.138-1deb13u1 (trixie)

Description A high-severity out-of-bounds write flaw exists in the V8 JavaScript engine. This issue allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. The vulnerability was discovered by Big Sleep AI from Google DeepMind and Project Zero. Exploitation of this flaw could lead to remote code execution. The vulnerability is related to the processing of JavaScript scripts and specifically involves an out-of-bounds write condition. The vulnerability is also associated with the parsing of ‘await using’ in c-style loops.

Recommendations Update Google Chrome to version 139.0.7258.138 or later. Update Chromium to version 139.0.7258.138 or later. For Debian users, upgrade Chromium to version 139.0.7258.138-1deb12u1 or later for the bookworm distribution. For Debian users, upgrade Chromium to version 139.0.7258.138-1deb13u1 or later for the trixie distribution.