Use After Free Vulnerability in Google Chrome by Google
CVE-2025-0995

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 15 February 2025

Badges

📈 Trended📈 Score: 1,350

What is CVE-2025-0995?

CVE-2025-0995 is a critical use-after-free vulnerability identified in Google Chrome, specifically affecting the V8 JavaScript engine. This issue arises due to improper memory management, allowing an attacker to exploit heap corruption through the delivery of a specially crafted HTML page. As one of the most widely used web browsers globally, Google Chrome serves as a fundamental tool for internet access and is entrusted with handling sensitive user data, making its security paramount. The exploitation of this vulnerability could detrimentally affect organizations by compromising user data, disrupting services, and potentially leading to unauthorized system access.

The nature of this vulnerability indicates a high-severity risk classification, as it enables attackers to craft payloads that can manipulate memory allocations. Such vulnerabilities are frequently exploited in various attacks, including remotely executed code and system crashes, thereby raising significant concerns for the integrity and confidentiality of organizational data managed through the browser.

Potential Impact of CVE-2025-0995

Data Breaches: The exploitation of CVE-2025-0995 can lead to unauthorized access to sensitive user information, resulting in substantial data breaches. This not only affects individual users but can also have severe repercussions for organizations, including legal liabilities and reputational damage.
System Compromise: Attackers can leverage this vulnerability to execute arbitrary code on affected systems. By gaining control over a user’s device, they can manipulate system operations, deploy additional malware, or use compromised systems as a foothold for further attacks within an organization’s network.
Service Disruption: The potential for exploitation through crafted HTML pages could lead to significant disruptions in services relying on Google Chrome for operations. This can result in downtime, loss of productivity, and financial losses, particularly for organizations that depend heavily on web-based applications for their daily functions.

Affected Version(s)

Chrome 133.0.6943.98

References

https://chromereleases.googleblog.com/2025/02/stable-chan...

https://issues.chromium.org/issues/391907159

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

📈
Vulnerability started trending
May 16, 2025
Vulnerability published
Feb 15, 2025
Vulnerability Reserved
Feb 3, 2025