AI description
CVE-2025-9864 is a use-after-free vulnerability affecting the V8 JavaScript engine in Google Chrome versions prior to 140.0.7339.80. This flaw can be triggered by a crafted HTML page, potentially leading to heap corruption. A remote attacker could exploit this vulnerability to execute arbitrary code within the Chrome renderer process. The vulnerability exists because the V8 engine reuses or references memory after it has been freed. After the memory is freed, it can be allocated again and saved in another pointer. Operations using the original pointer then become invalid because the memory belongs to the code that operates on the new pointer.
- Description
- Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- Source
- chrome-cve-admin@google.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- chrome-cve-admin@google.com
- CWE-416
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
13
CVE-2025-9864 v8 use-after-free exploit by @r1ngz3ro https://t.co/MSmsCoFfas
@dec_eax
3 Oct 2025
5291 Impressions
17 Retweets
71 Likes
57 Bookmarks
0 Replies
0 Quotes
exploit for CVE-2025-9864 , the heap spray is not 100% reliable , there is room for improvement but i think had enough time heap grooming https://t.co/Xt2TUMqGrX
@r1ngz3ro
1 Oct 2025
291 Impressions
2 Retweets
6 Likes
4 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en Microsoft Edge ❗CVE-2025-9864 ❗CVE-2025-9866 ➡️Más info: https://t.co/ODY8ITxaVb https://t.co/IMSch7Ysuv
@CERTpy
15 Sept 2025
124 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
⚠️Actualización de seguridad de Google Chrome ❗CVE-2025-9864 ➡️Más info: https://t.co/eLmrotn5d1 https://t.co/y368Zdxk16
@CERTpy
8 Sept 2025
127 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
URGENT: #openSUSE security update for Chromium patches critical CVEs (CVE-2025-9864 to CVE-2025-9867). One is a Use-After-Free flaw in V8 allowing remote code execution. Read more: 👉 https://t.co/GWdfmv6PJa #Security https://t.co/GSNheMz8zv
@Cezar_H_Linux
5 Sept 2025
91 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-9864: HIGH] Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)#cve,CVE-2025-9864,#cybersecurity https://t.co/Fg6RPQxVc9 https://t.co/Dr
@CveFindCom
5 Sept 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Chrome V8 Use-After-Free: CVE-2025-9864 A dangerous use-after-free flaw in Chrome's V8 engine allows RCE if exploited. Patch ASAP to reduce risk. For more details, read ZeroPath's blog on this vuln. #AppSec #BrowserSecurity #InfoSec https://t.co/4oa43JAjaE
@ZeroPathLabs
3 Sept 2025
55 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Google Patches High-Severity Chrome Vulnerability in Latest Update - (CVE-2025-9864) - https://t.co/6DOwEM8ZF2
@SecurityWeek
3 Sept 2025
1285 Impressions
2 Retweets
5 Likes
1 Bookmark
0 Replies
0 Quotes
(CVE-2025-9864)[434513380][maglev]UAF in v8 https://t.co/CJkMrcXeXD https://t.co/X6BQ6LP8Ec https://t.co/nXPSjNwdjK https://t.co/DnguooWdt0 https://t.co/BR6f90gXMY Reported by Pavel Kuzmin
@xvonfers
3 Sept 2025
3635 Impressions
2 Retweets
8 Likes
12 Bookmarks
0 Replies
1 Quote