Use After Free Vulnerability in Google Chrome Profiles
CVE-2025-1916

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 5 March 2025

Summary

A use after free vulnerability in the Profiles component of Google Chrome prior to version 134.0.6998.35 allows attackers to exploit heap corruption scenarios. This vulnerability can be triggered if a user is convinced to install a malicious browser extension. By crafting a specific HTML page, an attacker may leverage this flaw to execute arbitrary code or compromise user systems, showcasing the importance of safeguarding against untrusted extensions and maintaining updated web browsers.

Affected Version(s)

Chrome 134.0.6998.35

References

https://chromereleases.googleblog.com/2025/03/stable-chan...

https://issues.chromium.org/issues/376493203

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Mar 5, 2025
Vulnerability Reserved
Mar 4, 2025