EUVD-2025-18663
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
4Description
Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Analysis
High-severity integer overflow vulnerability in the V8 JavaScript engine within Google Chrome that enables out-of-bounds memory access through a maliciously crafted HTML page. The vulnerability affects Chrome versions prior to 137.0.7151.119 and requires only user interaction (clicking a link, visiting a page) with no special privileges needed. Successful exploitation allows attackers to read sensitive data, modify content, or crash the browser with a CVSS score of 8.8.
Technical Context
This vulnerability resides in V8 (Chromium's JavaScript engine), where integer overflow conditions can occur during memory operations. CWE-472 (Integer Overflow to Buffer Overflow) indicates that an integer calculation wraps or exceeds its maximum value, subsequently used in memory allocation or boundary checks. When V8 processes JavaScript in a crafted HTML page, an attacker can manipulate numeric values to cause an integer overflow, resulting in undersized memory allocations. This subsequently leads to out-of-bounds memory access, allowing reads or writes beyond allocated buffer boundaries. Affected CPE: cpe:2.7.a:google:chrome:*:*:*:*:*:*:*:* (versions <137.0.7151.119) and Chromium-based derivatives.
Affected Products
Chrome (<137.0.7151.119); Chromium (<137.0.7151.119)
Remediation
Update Google Chrome to version 137.0.7151.119 or later immediately; details: Users should enable automatic updates or manually update via Settings > About Chrome > Check for Updates Update Chromium-based browsers (Edge, Brave, Opera, etc.) to their corresponding fixed releases; details: Each browser vendor will release patches based on upstream Chromium 137 release; check individual vendor security advisories Workaround: Restrict JavaScript execution or disable V8 features where possible; details: Not practical for end users; enterprise deployments may use policies to restrict script execution, but this breaks most web functionality Mitigation: Isolate browsing or use sandboxed environments for untrusted content; details: Use browser sandboxing (enabled by default in Chrome) and avoid clicking suspicious links Reference: Monitor Google Security Blog and Chrome Release Notes; link: https://chromereleases.googleblog.com/
Priority Score
Vendor Status
Ubuntu
Priority: Medium| Release | Status | Version |
|---|---|---|
| jammy | not-affected | code not present |
| noble | not-affected | code not present |
| oracular | not-affected | code not present |
| plucky | not-affected | code not present |
| upstream | released | - |
Debian
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye (security), bullseye | vulnerable | 120.0.6099.224-1~deb11u1 | - |
| bookworm | fixed | 137.0.7151.119-1~deb12u1 | - |
| bookworm (security) | fixed | 146.0.7680.71-1~deb12u1 | - |
| trixie | fixed | 145.0.7632.159-1~deb13u1 | - |
| trixie (security) | fixed | 146.0.7680.71-1~deb13u1 | - |
| forky | fixed | 146.0.7680.71-1 | - |
| sid | fixed | 146.0.7680.80-1 | - |
| bullseye | fixed | (unfixed) | end-of-life |
| (unstable) | fixed | 137.0.7151.119-1 | - |
Share
External POC / Exploit Code
Leaving vuln.today