PT-2025-3887 · Google+5 · Skia+6

Revskills · Published 2025-01-19 · Updated 2025-04-08 · CVE-2025-0444

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 133.0.6943.53
Microsoft Edge (affected versions not specified)

Description

The issue is related to a use after free in Skia, allowing a remote attacker to potentially exploit heap corruption via a crafted HTML page. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details include concurrent access to SkFontationsScalerContext, which may lead to a race condition and use-after-free. The generateYScalePathForGlyphId() function can be called from a COLRv1 SkDrawable.

Recommendations

For Google Chrome versions prior to 133.0.6943.53, update to version 133.0.6943.53 or later to resolve the issue. For Microsoft Edge, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to potentially vulnerable components until a patch is available.

Weakness Enumeration

Use After Free

Related Identifiers

ALT-PU-2025-2744
ALT-PU-2025-4366
BDU:2025-01274
CVE-2025-0444
DSA-5859-1
MGASA-2025-0091
OPENSUSE-SU-2025:0058-1
OPENSUSE-SU-2025:14742-1

Affected Products

Alt Linux
Astra Linux
Debian
Google Chrome
Edge
Red Os
Skia