Use After Free Vulnerability in Google Chrome WebAudio Component
CVE-2025-4372
What is CVE-2025-4372?
CVE-2025-4372 is a medium-severity vulnerability in the WebAudio component of Google Chrome, present in versions prior to 136.0.7103.92. It is categorized as a "use after free," which occurs when a program continues to use a memory resource after that resource has been released. Such a condition can lead to heap corruption, which a remote attacker could exploit via a crafted HTML page. If successful, this could result in unauthorized actions being executed on the affected system, jeopardizing the integrity and security of organizational data and potentially giving the attacker control over sensitive operations carried out through the Chrome browser.
Potential impact of CVE-2025-4372
- Heap Corruption and Unauthorized Execution: The use after free condition may enable attackers to manipulate the system memory, leading to heap corruption. This can allow malicious code to be executed with the same privileges as the user running the browser, possibly affecting critical resources and data.
- Data Breaches: Exploitation of this vulnerability could lead to severe data breaches, where attackers gain access to confidential information. This is particularly dangerous in environments handling sensitive personal or business information, as it can lead to significant legal and reputational repercussions.
- Increased Surface for Attack: The vulnerability presents a broader risk by potentially allowing attackers to launch further exploits or payloads once they have access to the affected system. This could facilitate the spread of malware, including ransomware, and create a gateway for additional malicious activities targeting other systems within an organization.
Affected Version(s)
Chrome versions prior to 136.0.7103.92
News Articles

Google Chrome Update Fixes CVE-2025-4372 & Other Flaws
Google Chrome latest update patches CVE-2025-4372, CVE-2025-4664, and CVE-2025-2783 vulnerabilities.
2 weeks ago


Critical Google Chrome 136 Audio Bug Lets Hackers Remotely Install Malware
Hackers could use an audio vulnerability to remotely execute malicious code in Google Chrome — you have been warned, take action now.
4 weeks ago
Timeline
- 👾 Exploit known to exist
- 📰 First article discovered by Forbes
- Vulnerability published
- Vulnerability Reserved