CVE-2025-9864

CVSS v2.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 140.0.7339.80 Microsoft Edge versions prior to 140.0.7339.80

Description A use-after-free issue exists in the V8 JavaScript engine used by Google Chrome and Microsoft Edge. This flaw could allow a remote attacker to exploit heap corruption through a specially crafted HTML page, potentially leading to arbitrary code execution or a denial-of-service condition. The vulnerability allows attackers to affect the system. An exploit for this issue has been developed, involving heap spraying techniques, though its reliability is not fully confirmed. A security researcher from Yandex Security Team discovered this issue within the Chromium project.

Recommendations Update Google Chrome to version 140.0.7339.80 or later. Update Microsoft Edge to version 140.0.7339.80 or later.

Fix

RCE

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2025-11532

BDU:2025-11125

CVE-2025-9864

DSA-5993-1

Affected Products

Alt Linux

Debian

Google Chrome

Red Os

CVE-2025-9864

Weakness Enumeration

Related Identifiers

Affected Products

References · 60