CVE-2025-4096
Debian Security Advisory 5914-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11. Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09. Insufficient data validation in DevTools. Reported by Daniel Fr�jdendahl on 2025-03-1. Inappropriate implementation in DevTools. Reported by vanillawebdev on 2025-03-10. Fixed incorrect paths in inline source maps. Fixed invalid generated source maps. Fixed a regression with non-file source map paths Update Go from 1.23.5 to 1.23.7 stability fixes Patch Instructions.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2025-04-29 CVE Reserved
- 2025-05-05 CVE Published
- 2025-05-06 CVE Updated
- 2025-06-23 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-122: Heap-based Buffer Overflow
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html | ||
| https://issues.chromium.org/issues/409911705 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | 136.0.7103.59 Search vendor "Google" for product "Chrome" and version "136.0.7103.59" | en |
Affected
| ||||||