PT-2025-35712 · Google+3 · Google Chrome+3
Pavel Kuzmin
·
Published
2025-07-28
·
Updated
2026-03-10
·
CVE-2025-9864
CVSS v2.0
10
High
| AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 140.0.7339.80
Microsoft Edge versions prior to 140.0.7339.80
Description
A use-after-free issue exists in the V8 JavaScript engine used by Google Chrome and Microsoft Edge. This flaw could allow a remote attacker to exploit heap corruption through a specially crafted HTML page, potentially leading to arbitrary code execution or a denial-of-service condition. The vulnerability allows attackers to affect the system. An exploit for this issue has been developed, involving heap spraying techniques, though its reliability is not fully confirmed. A security researcher from Yandex Security Team discovered this issue within the Chromium project.
Recommendations
Update Google Chrome to version 140.0.7339.80 or later.
Update Microsoft Edge to version 140.0.7339.80 or later.
Fix
RCE
Use After Free
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Debian
Google Chrome
Red Os