Use After Free Vulnerability in Google Chrome Affects Multiple Versions
CVE-2025-3620

8.8HIGH

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 16 April 2025

What is CVE-2025-3620?

A use after free vulnerability in the USB handling of Google Chrome allows potential remote exploitation through specially crafted HTML content. Attackers could leverage this flaw to cause heap corruption, which can lead to arbitrary code execution or denial of service. Users are advised to update to versions 135.0.7049.95 and above to mitigate the risks associated with this vulnerability.

Affected Version(s)

Chrome 135.0.7049.95

References

https://chromereleases.googleblog.com/2025/04/stable-chan...

https://issues.chromium.org/issues/405292639

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2025