CVE-2025-9132

Published Aug 20, 2025

Last updated 8 months ago

CVSS high 8.8
Google Chrome V8

Overview

Description
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Analyzed
Products
chrome

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

chrome-cve-admin@google.com
CWE-787

Social media

Hype score
Not currently trending

  1. My progress on CVE-2025-9132: - Somewhat understood the root cause - Found precisely where the code execution ends up after the faulty jump - Stuck on how to manipulate where this jump will end up going, currently from some tinkering I can send it a few bytes before where it went

    @proteinpowder00

    16 Mar 2026

    604 Impressions

    0 Retweets

    6 Likes

    0 Bookmarks

    2 Replies

    0 Quotes

  2. #VulnerabilityReport #Chromium Google Chrome Issues High-Severity Fix for V8 Engine Vulnerability (CVE-2025-9132) https://t.co/0gS1aeBz2a

    @Komodosec

    26 Sept 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Top 5 Trending CVEs: 1 - CVE-2025-53770 2 - CVE-2025-9132 3 - CVE-2025-38494 4 - CVE-2020-14883 5 - CVE-2025-52970 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    22 Sept 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ⚠️Vulnerabilidad en Microsoft Edge ❗CVE-2025-9132 ➡️Más info: https://t.co/MvNg1chaqd https://t.co/3PTRk1oXbl

    @CERTpy

    26 Aug 2025

    90 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. URGENT: #Fedora 42 users must update Chromium to patch a critical Remote Code Execution vulnerability (CVE-2025-9132) in the V8 engine. Read more: 👉 https://t.co/nRjsejasqZ #Security https://t.co/AH3XXXypAO

    @Cezar_H_Linux

    26 Aug 2025

    52 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚠️Vulnerabilidad en Google Chrome ❗CVE-2025-9132 ➡️Más info: https://t.co/FTzPsfc9dK https://t.co/oLowPNucD4

    @CERTpy

    25 Aug 2025

    127 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. グーグル/Google「Chrome」深刻度“高”の脆弱性/早めに更新を-'25/08/22¦ASCII https://t.co/Btk4H5QUYe 抜粋 グーグルは8月19日 デスクトップ及びAndroid版の「Chrome」で 脆弱性の修正を含むアップデートを公開した 深刻度

    @gkgn14412

    23 Aug 2025

    75 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  8. URGENT: Critical code execution vulnerability (CVE-2025-9132) patched in #Debian's Chromium. Impact: Arbitrary code execution, DoS, data theft. Read more:👉 https://t.co/UJaTrrr2DI #Security https://t.co/NufhKkfHmU

    @Cezar_H_Linux

    22 Aug 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. ⚠️ Weekly vuln radar. https://t.co/Cd6L8ACyLV – spot what’s trending before it’s everywhere: CVE-2025-29927 CVE-2025-43300 CVE-2025-57788 (@chudyPB, Sonny) CVE-2025-9132 (@GoogleDeepMind) CVE-2025-9074 CVE-2025-57790 CVE-2025-57789 CVE-2025-57791 CVE-2024-41787

    @ptdbugs

    22 Aug 2025

    127 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Chromium: CVE-2025-9132 Out of bounds write in V8 https://t.co/2TvsIIFQYl #SecQube #cybersecurity

    @SecQube

    22 Aug 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Google、ChromeのV8エンジン 脆弱性を修正(CVE-2025-9132) https://t.co/ovaDTpOwc1 #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    21 Aug 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨Aggiorna subito #Google #Chrome ⚠️L'ultimo aggiornamento risolve una vulnerabilità di cui due con gravità alta : CVE-2025-9132 Versione 139.0.7258.138/.139 per Windows, Mac e Linux https://t.co/y4DqF96OMj https://t.co/w2yIjEGtij

    @techworldaleant

    21 Aug 2025

    28 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Google Chrome 139 fixes a critical out-of-bounds write flaw in the V8 JavaScript engine (CVE-2025-9132) discovered by Big Sleep AI from Google DeepMind and Project Zero. Affects Windows, macOS, and Linux. #V8Engine #BigSleepAI #USA https://t.co/E69JxLNTcP

    @TweetThreatNews

    20 Aug 2025

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. A critical remote code execution flaw CVE-2025-9132 was found in Chrome’s V8 engine, allowing memory corruption and sandbox escape. Update to Chrome 139.0.7258.138+ to patch this risk. #ChromeUpdate #V8Engine #Google https://t.co/45UChaxxTS

    @TweetThreatNews

    20 Aug 2025

    66 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  15. 🚨 Critical Chrome update! Google patched a high-severity V8 engine vulnerability (CVE-2025-9132) allowing RCE & browser crashes. Sec pros, update your browsers immediately to stay safe! Don't let this slide. 🛡️ #ChromeSecurity #Vulnerability #InfoSec https://t.co/kv5

    @fernandokarl

    20 Aug 2025

    67 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Heads up, #CyberSecurity pros! 🚨 Google issued an EMERGENCY Chrome update for CVE-2025-9132, a critical 'out-of-bounds write' in V8 JS allowing arbitrary code execution. Patch NOW to v139.0.7258.138/.139! Protect your systems from this severe threat. 🔒 https://t.co/2oICCJzU

    @fernandokarl

    20 Aug 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Looks like the high risk V8 bug (CVE-2025-9132) found by Big Sleep AI was an OOB write: https://t.co/C5zbm8H6k5 https://t.co/L0Jdyf1JHS

    @alexjplaskett

    20 Aug 2025

    5013 Impressions

    12 Retweets

    64 Likes

    34 Bookmarks

    0 Replies

    0 Quotes

  18. Woah... (CVE-2025-9132)[436181695][explicit-resource-management]OOBW https://t.co/m6iFoERecX https://t.co/Dkkx5VPSEM PoC: https://t.co/ABbi8ZqDDI Reported by Google Big Sleep

    @xvonfers

    19 Aug 2025

    4592 Impressions

    15 Retweets

    57 Likes

    28 Bookmarks

    1 Reply

    1 Quote

  19. https://t.co/CrwHmH2lI2 [N/A][436181695] High CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep on 2025-08-04 TL;DR: Repro extremely short, bug very easily exploitable for a renderer RCE. Big Sleep is interesting indeed :)

    @0x10n

    19 Aug 2025

    8804 Impressions

    20 Retweets

    126 Likes

    46 Bookmarks

    0 Replies

    2 Quotes

Configurations

Related CVEs

  1. Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)CVE-2026-6919
  2. Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)CVE-2026-6921
  3. Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)CVE-2026-6920
  4. Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)CVE-2026-6361
  5. Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)CVE-2026-6364

References

Sources include official advisories and independent security research.