Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Metrics
NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:
NIST: NVD. NVD assessment not yet provided.
CVSS 3.x Severity and Vector Strings:
NIST: NVD. Base Score: N/A. NVD assessment not yet provided.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0 Severity and Vector Strings:
NIST: NVD. Base Score: N/A. NVD assessment not yet provided.
This CVE is in CISA's Known Exploited Vulnerabilities Catalog
Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements.
| Vulnerability Name | Date Added | Due Date | Required Action |
| --- | --- | --- | --- |
| Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | 06/05/2025 | 06/26/2025 | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
Weakness Enumeration
| CWE-ID | CWE Name | Source |
| --- | --- | --- |
| CWE-125 | Out-of-bounds Read | CISA-ADP |
| CWE-787 | Out-of-bounds Write | CISA-ADP |
Change History
11 change records found
Modified Analysis by NIST 10/24/2025 10:06:46 AM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Reference Type | | CISA-ADP: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5419 Types: US Government Resource |
CVE Modified by CISA-ADP 10/21/2025 7:17:07 PM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5419 |
CVE Modified by CISA-ADP 10/21/2025 4:20:50 PM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Removed | Reference | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5419 | |
CVE Modified by CISA-ADP 10/21/2025 3:21:23 PM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Reference | | https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-5419 |
Modified Analysis by NIST 6/23/2025 2:29:13 PM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | CPE Configuration | | OR *cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:* versions up to (excluding) 137.0.3296.62 |
| Added | Reference Type | | CVE: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5419 Types: Third Party Advisory |
CVE Modified by CVE 6/23/2025 8:15:23 AM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Reference | | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-5419 |
CVE CISA KEV Update by Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government 6/05/2025 9:00:03 PM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Date Added | | 2025-06-05 |
| Added | Due Date | | 2025-06-26 |
| Added | Required Action | | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Added | Vulnerability Name | | Google Chromium V8 Out-of-Bounds Read and Write Vulnerability |
Initial Analysis by NIST 6/05/2025 10:10:50 AM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | CPE Configuration | | OR *cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* versions up to (excluding) 137.0.7151.68 |
| Added | Reference Type | | Chrome: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html Types: Release Notes |
| Added | Reference Type | | Chrome: https://issues.chromium.org/issues/420636529 Types: Permissions Required |
CVE Modified by CISA-ADP 6/03/2025 10:15:50 AM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | CWE | | CWE-125 |
CVE Modified by CISA-ADP 6/02/2025 11:15:28 PM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | CVSS V3.1 | | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| Added | CWE | | CWE-787 |
New CVE Received from Chrome 6/02/2025 8:15:21 PM
| Action | Type | Old Value | New Value |
| --- | --- | --- | --- |
| Added | Description | | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| Added | Reference | | https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html |
| Added | Reference | | https://issues.chromium.org/issues/420636529 |