CyberSecurityBoard
Sponsor Register Login

Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution

Google has urgently patched two high-severity heap buffer overflow vulnerabilities in its Chrome browser, CVE-2025-0999, and CVE-2025-1426, that could allow attackers to execute arbitrary code and seize control of affected systems. Heap buffer overflow vulnerability enables attackers to overwrite dynamically allocated memory regions and execute arbitrary code. The V8 engine vulnerability (CVE-2025-0999) arises from improper memory management when processing JavaScript objects, enabling heap corruption through crafted HTML pages. This vulnerability arises when programs write data beyond the bounds of memory blocks allocated on the heap a dynamically managed memory area used for runtime data storage. Both vulnerabilities grant remote code execution (RCE) capabilities, potentially enabling full system compromise, data theft, or lateral movement within networks. While no active exploitation has been confirmed, the similarities to prior Chrome zero-days, such as CVE-2022-4135, a GPU heap overflow exploited in 2022, heighten concerns. Enterprise administrators should prioritize deploying the update across networks, as delayed patching leaves systems exposed to drive-by download attacks or phishing campaigns delivering exploit code.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Feb 2025 02:45:19 +0000


Cyber News related to Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution

Google Online Security Blog: Sustaining Digital Certificate Security - The Chrome Security Team prioritizes the security and privacy of Chrome's users, and we are unwilling to compromise on these values. The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to ...
1 year ago Security.googleblog.com
Google Chrome Zero-Day Bug Under Attack, Allows Code Injection - Google has patched a high-severity zero-day bug in its Chrome Web browser that attackers are actively exploiting. The vulnerability, assigned as CVE-2024-0519, is the first Chrome zero-day bug that Google has disclosed in 2024, and the second in the ...
2 years ago Darkreading.com CVE-2024-0519 CVE-2024-0517 CVE-2024-0518 Hunters
Google Patches Another Chrome Zero-Day as Browser Attacks Mount - For the fourth time since August, Google has disclosed a bug in its Chrome browser technology that attackers were actively exploiting in the wild before the company had a fix for it. Integer Overflow Bug The latest zero-day, which Google is tracking ...
2 years ago Darkreading.com CVE-2023-6345 CVE-2023-4863 CVE-2023-5217 CVE-2023-28205 CVE-2023-32409 CVE-2023-28204 CVE-2023-32373
Google patches third exploited Chrome zero-day in a week - Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. The company fixed the zero-day flaw with the release of 125.0.6422.60/.61 for Mac/Windows and 125.0.6422.60. ...
1 year ago Bleepingcomputer.com CVE-2024-4947 CVE-2024-0519 CVE-2024-2887 CVE-2024-3159 CVE-2024-4671 CVE-2024-4761
Google Chrome 0-Day Vulnerability Exploited in the Wild - Update Now - The tech giant announced yesterday that Chrome’s Stable channel has been updated to version 136.0.7103.113/.114 for Windows and Mac, and 136.0.7103.113 for Linux to address four security issues, including a high-severity zero-day flaw. Google ...
8 months ago Cybersecuritynews.com CVE-2025-4609
Alert: New Chrome Zero-Day Vulnerability Being Exploited - Google, in light of recent events, has launched a critical update for a high-severity Chrome zero-day vulnerability. As per recent reports, Google claims that the vulnerability has been actively exploited. It's worth noting that the vulnerability ...
2 years ago Securityboulevard.com CVE-2023-7024 CVE-2023-2033 CVE-2023-2136 CVE-2023-3079 CVE-2023-4762 CVE-2023-6345
Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers. All the four externally reported security defects are high-severity memory safety flaws, but ...
2 years ago Securityweek.com CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225
Chrome High-Severity Vulnerabilities Allow Attackers to Execute Arbitrary Code - Google has released an urgent security update for its Chrome browser, addressing three critical vulnerabilities that could enable attackers to execute arbitrary code on users’ systems. The most concerning issues are two high-severity type ...
6 months ago Cybersecuritynews.com CVE-2025-8010
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 year ago Securityaffairs.com
Critical Chrome Vulnerability Let Attackers Steal Data & Gain Unauthorized Access - Google has issued an urgent security update for its Chrome browser after two critical vulnerabilities were discovered. This vulnerability can allow attackers to execute arbitrary code by exploiting how Chrome processes certain media files, ...
9 months ago Cybersecuritynews.com CVE-2025-3619
Chrome 120 Patches 10 Vulnerabilities - Google on Tuesday announced the release of Chrome 120 to the stable channel with patches for 10 vulnerabilities. Of the resolved issues, five were reported by external researchers, who received a total of $15,000 in bug bounty rewards, according to ...
2 years ago Securityweek.com CVE-2023-6508 CVE-2023-6509 CVE-2023-6345
Google Releases Eighth Zero-Day Patch of 2023 for Chrome - Google has issued an urgent update to address a recently discovered vulnerability in Chrome that has been under active exploitation in the wild, marking the eighth zero-day vulnerability identified for the browser in 2023. Identified as ...
2 years ago Darkreading.com CVE-2023-7024
CVE-2023-46217 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
2 years ago Tenable.com
CVE-2023-46216 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
2 years ago Tenable.com
CVE-2023-41727 - Multiple vulnerabilities exist in Ivanti Avalanche v6.4.1 WLAvalancheService.exe.CVE-2023-41727 - MuProperty type 100 stack-based buffer overflow (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)A message sent to WLAvalancheService.exe on TCP port 1777 ...
2 years ago Tenable.com
Google fixes actively exploited sandbox escape zero day in Chrome - The security issue is described as an insufficient validation of untrusted input in ANGLE and GPU that affects Google Chrome versions before 138.0.7204.157. An attacker successfully exploiting it could perform a sandbox escape by using a specially ...
6 months ago Bleepingcomputer.com CVE-2025-7656
Weekly VulnRecap - The new year brought few new vulnerabilities, and only Ivanti Endpoint Manager and Kyber, the quantum resistant encryption algorithm, publicized new vulnerabilities or fixes. Most news derived from the active attacks on multiple older ...
2 years ago Esecurityplanet.com CVE-2023-33246 CVE-2023-37582 Rocke
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
10 months ago Cybersecuritynews.com CVE-2024-5594
Microsoft Patch Tuesday 2024: 49 Vulnerabilities are fixed - Microsoft released its first patch on Tuesday, 2024, in which nearly 49 vulnerabilities have been fixed in Microsoft products and 5 vulnerabilities in non-Microsoft products. Among these 49 vulnerabilities, there were 12 remote code execution ...
2 years ago Cybersecuritynews.com CVE-2024-20674 CVE-2024-20700 CVE-2024-0057
User-Friendly Update: Clear Your Chrome History on Android with Ease - As part of its commitment to keeping users happy, Google Chrome prioritizes providing a great experience - one of the latest examples of this is a new shortcut that makes it easier to clear browsing data on Android. Chrome has made deleting users' ...
2 years ago Cysecurity.news
The Exploration of Static vs Dynamic Code Analysis - Two essential methodologies employed for this purpose are Static Code Analysis and Dynamic Code Analysis. Static Code Analysis involves the examination of source code without its execution. In this exploration of Static vs Dynamic Code Analysis, ...
2 years ago Feeds.dzone.com
Check if you're in Google Chrome's third-party cookie phaseout test - Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test. Third-party cookies, which track users' browsing ...
1 year ago Bleepingcomputer.com
CISA warns of hackers exploiting Chrome, EoL D-Link bugs - The U.S. Cybersecurity & Infrastructure Security Agency has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. Adding the issues to the KEV catalog ...
1 year ago Bleepingcomputer.com CVE-2024-4761 CVE-2021-40655
Google Takes Down Over 50,000 Instances of Malicious Chrome Extensions - Google recently took down over 50,000 Chrome browser extensions after discovering that they were involved in malicious activity. The malicious activity included advertising click fraud, downloading malware, and displaying adware. According to Google, ...
2 years ago Thehackernews.com
Google Chrome now auto-upgrades to secure connections for all users - Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users. A limited rollout of this feature in Google Chrome began in July, but as of October ...
2 years ago Bleepingcomputer.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)