.jpg)
High-Severity Vulnerabilities Patched
The most critical fixes target CVE-2025-1920 and CVE-2025-2135, two types of confusion vulnerabilities in the V8 JavaScript engine.
Type confusion flaws, classified under CWE-843, occur when code initializes a resource as one type but later accesses it as an incompatible type, leading to memory corruption.
In Chrome’s case, this could allow attackers to execute arbitrary code or escape the browser’s security sandbox via a malicious HTML page.
CVE-2025-1920, reported by Excello s.r.o., earned a $7,000 bounty, while CVE-2025-2135, identified by Zhenghang Xiao (@Kipreyyy), underscores ongoing risks in V8’s architecture.
A third high-severity flaw, CVE-TBD, involves an out-of-bounds write in Chrome’s GPU component.
Such vulnerabilities enable attackers to write data beyond allocated memory boundaries, potentially crashing systems or enabling remote code execution.
GPU-related exploits are particularly concerning due to their complexity and the difficulty of detecting malicious activity post-compromise.
Tidak ada komentar:
Posting Komentar