CVE-2025-9864

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 140.0.7339.80 Microsoft Edge versions prior to 140.0.7339.80

Description A use-after-free issue exists in the V8 JavaScript engine used by Google Chrome and Microsoft Edge. This flaw could allow a remote attacker to exploit heap corruption through a specially crafted HTML page, potentially leading to arbitrary code execution or a denial-of-service condition. The vulnerability allows attackers to affect the system. An exploit for this issue has been developed, involving heap spraying techniques, though its reliability is not fully confirmed. A security researcher from Yandex Security Team discovered this issue within the Chromium project.

Recommendations Update Google Chrome to version 140.0.7339.80 or later. Update Microsoft Edge to version 140.0.7339.80 or later.