PT-2025-3888 · Google+4 · V8+5

303F06E3

Published

2025-01-19

Updated

2025-05-08

CVE-2025-0445

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 133.0.6943.53

Description A remote attacker could potentially exploit heap corruption via a crafted HTML page, leveraging a use after free issue in V8. The estimated number of potentially affected devices worldwide is not specified. Details about real-world incidents where this issue was exploited are not provided. Technical details include the exploitation of heap corruption through a manipulated HTML page.

Recommendations For Google Chrome versions prior to 133.0.6943.53, update to version 133.0.6943.53 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the use after free vulnerability in V8 until a patch is applied.

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2025-2744

ALT-PU-2025-4366

BDU:2025-01273

CVE-2025-0445

DSA-5859-1

MGASA-2025-0091

OPENSUSE-SU-2025:0058-1

OPENSUSE-SU-2025:14742-1

OPENSUSE-SU-2025:14884-1

Affected Products

Alt Linux

Astra Linux

Debian

Google Chrome

Red Os

PT-2025-3888 · Google+4 · V8+5

CVE-2025-0445

Weakness Enumeration

Related Identifiers

Affected Products

References · 56