CVE-2025-2135

Published Mar 10, 2025

Last updated 5 months ago

CVSS high 8.8

Overview

Description
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed
Products
chrome

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

chrome-cve-admin@google.com
CWE-843

Social media

Hype score
Not currently trending

  1. #VulnerabilityReport #CVE20252135 Critical Kibana Flaws: CVE-2025-2135 (CVSS 9.9) Allows Heap Corruption & RCE; Open Redirect Also Patched https://t.co/J0P5bkfmJm

    @Komodosec

    31 Jul 2025

    67 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  2. עדכון אבטחה לkibana או דרכים למניעת הסיכון למי שלא יכול לעדכן – שנובעים מcve שמיוחס לGoogle Chrome CVE-2025-2135. המערכות הפגיעות הם Kibana בגרסאות: 7.17.28 , 8.0.0  עד 8.17.7, כולל. 8.1

    @NirRoitman

    25 Jun 2025

    8 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. עדכון אבטחה לkibana או דרכים למניעת הסיכון למי שלא יכול לעדכן – שנובעים מcve שמיוחס לGoogle Chrome CVE-2025-2135. המערכות הפגיעות הם Kibana בגרסאות: 7.17.28 , 8.0.0  עד 8.17.7, כולל. 8.1

    @NirRoitman

    25 Jun 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️⚠️ CVE-2025-2135 (CVSS 9.9) the issue can be exploited through a crafted HTML page, leading to heap memory corruption—a precursor to potential remote code execution. 🎯223k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/TDc

    @fofabot

    25 Jun 2025

    1813 Impressions

    4 Retweets

    30 Likes

    10 Bookmarks

    1 Reply

    0 Quotes

  5. 🚨 Kibana users, patch NOW! 🚨 Critical flaw (CVE-2025-2135, CVSS 9.9) allows memory corruption & potential RCE via malicious HTML. Update to 7.17.29, 8.17.8, 8.18.3, or 9.0.3 ASAP! Mitigation steps inside. #Cybersecurity #Kibana #RCE https://t.co/qiu0fOSPaK

    @fernandokarl

    25 Jun 2025

    44 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [v8ctf] chrome 134.0.6998.35(update the deployed version): https://t.co/NH4t5oLcg1 https://t.co/fwZA4XYUS7 Vulnerable to fixed security bugs: CVE-2025-1920, CVE-2025-2135(confirmed, @eternalsakura13)... https://t.co/ceXLAX8f55 https://t.co/dggBGosDtM

    @xvonfers

    22 Mar 2025

    1264 Impressions

    0 Retweets

    13 Likes

    5 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CVE-2025-2135 🔴 HIGH (8.8) 🏢 Google - Chrome 🏗️ 134.0.6998.88 🔗 https://t.co/AXqQcmYw8o 🔗 https://t.co/KGEP1xzU0B #CyberCron #VulnAlert #InfoSec https://t.co/Fw0Y3EHQvf

    @cybercronai

    12 Mar 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. ⚠️ Chrome Security Update - Patch for Multiple Vulnerabilities | Read more: https://t.co/oxWpOlR1up ✅ The most critical fixes target CVE-2025-1920 and CVE-2025-2135, two types of confusion vulnerabilities in the V8 JavaScript engine. #cybersecurity #chrome

    @gbhackers_news

    11 Mar 2025

    80 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️ Chrome Security Update - Patch for Multiple Vulnerabilities | Read more: https://t.co/ogM7WVGM4H ✅ The most critical fixes target CVE-2025-1920 and CVE-2025-2135, two types of confusion vulnerabilities in the V8 JavaScript engine. ✅ The update also addresses… https://t.co/n

    @The_Cyber_News

    11 Mar 2025

    352 Impressions

    1 Retweet

    6 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  10. Update on Mar 10 includes 5 security fixes. 3 fixed in v8. [398065918] CVE-2025-1920: Type Confusion Excello s.r.o. 2025-02-21 [400052777] CVE-2025-2135: Type Confusion @Kipreyyy 2025-03-02 [398999390] CVE-2025-2137: OOB read zeroxiaobai@ 2025-02-25 https://t.co/KZEEh3jzn8

    @Andrei09230811

    11 Mar 2025

    139 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  11. New post from https://t.co/uXvPWJy6tj (CVE-2025-2135 | Google Chrome up to 134.0.6998.35 V8 type confusion (ID 400052)) has been published on https://t.co/BuCWrpHTQ5

    @WolfgangSesin

    10 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2025-2135 Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium securit… https://t.co/ik6x0EAj1v

    @CVEnew

    10 Mar 2025

    419 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References

Sources include official advisories and independent security research.