Cyber Resilience

CVE-2025-0612

High

Published: 22 January 2025

Published
22 January 2025
Modified
18 April 2025
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0086 75.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-0612 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Google Chrome. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 24.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-0612 is an out-of-bounds memory access vulnerability (CWE-125) in the V8 JavaScript engine within Google Chrome prior to version 132.0.6834.110. It allows potential heap corruption when processing a crafted HTML page, as reported with a Chromium security severity of High and a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

A remote attacker can exploit this vulnerability over the network with low complexity, requiring no privileges or user interaction. Exploitation via a malicious HTML page could result in heap corruption, primarily impacting availability through potential denial-of-service conditions.

Google addressed this issue in the stable channel update for desktop Chrome version 132.0.6834.110, as documented in the Chrome Releases blog (https://chromereleases.googleblog.com/2025/01/stable-channel-update-for-desktop_22.html) and the Chromium issue tracker (https://issues.chromium.org/issues/385155406). Security practitioners should prioritize updating affected browsers to mitigate the risk.

EU & UK References

Vulnerability details

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Out-of-bounds access in V8 enables heap corruption via malicious HTML, directly facilitating application exploitation for DoS (T1499.004).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-9908Same product: Google Chrome
CVE-2025-2137Same product: Google Chrome
CVE-2026-9895Same product: Google Chrome
CVE-2025-1918Same product: Google Chrome
CVE-2025-1914Same product: Google Chrome
CVE-2025-0437Same product: Google Chrome
CVE-2026-9913Same product: Google Chrome
CVE-2025-1919Same product: Google Chrome
CVE-2026-10017Same product: Google Chrome
CVE-2025-12907Same product: Google Chrome

Affected Assets

google
chrome
≤ 132.0.6834.110

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates timely remediation of the out-of-bounds memory access flaw in Chrome's V8 engine by applying the vendor patch to version 132.0.6834.110.

prevent

Implements memory protection mechanisms such as ASLR and DEP to prevent exploitation of heap corruption from the V8 out-of-bounds access vulnerability.

detect

Enables scanning and monitoring to identify systems with vulnerable Chrome versions affected by this heap corruption flaw before remote exploitation.

References