v8 engine

Google’s December stable update corrected two high‑severity Chromium issues — a use‑after‑free in WebGPU (CVE‑2025‑14765) and an out‑of‑bounds read/write in V8 (CVE‑2025‑14766) — and the fixes were rolled into Chrome stable (143.0.7499.146/.147), with downstream consumers such as Microsoft Edge...

Microsoft’s Security Update Guide now lists CVE-2025-14765 — an out‑of‑bounds read and write vulnerability in the V8 JavaScript engine used by Chromium — because Microsoft Edge (Chromium‑based) consumes upstream Chromium code and Microsoft publishes the Security Update Guide entry to show...

Type confusion in V8 that could be triggered by a crafted HTML page was assigned CVE‑2025‑13226 and affects Google Chrome builds prior to 142.0.7444.59, creating a high‑severity risk of heap corruption that can be weaponized into crashes or, in chained attacks, remote code execution. Security...

A type‑confusion flaw in Google’s V8 JavaScript engine — tracked as CVE‑2025‑13230 — could allow a remote attacker to trigger heap corruption by luring a user to a crafted HTML page; Chrome builds prior to 142.0.7444.59 are listed as vulnerable, and organizations should treat this as a...

The November Patch Tuesday just delivered a high‑urgency message: a critical heap‑based buffer overflow in the Microsoft Graphics Component (GDI+) and a serious Chromium/V8 flaw in Microsoft Edge are both patched — and users who delay installing updates risk remote code execution from a crafted...

Chromium’s CVE-2025-12429 — described as an inappropriate implementation in V8 — appears in Microsoft’s Security Update Guide not because Microsoft introduced the bug, but because Microsoft Edge (Chromium‑based) consumes Chromium’s open‑source engine and the guide is the downstream signal that...

Chromium’s V8 engine received a recent security entry — CVE‑2025‑11215 — described as an off‑by‑one error in V8, and it appears in Microsoft’s Security Update Guide because Microsoft Edge (Chromium‑based) consumes Chromium’s open‑source code; the Security Update Guide records upstream Chromium...

Google’s September stable update for Chrome closed a notable Use‑After‑Free (UAF) in the Dawn WebGPU implementation — tracked as CVE‑2025‑10500 — alongside several other high‑severity graphics and engine fixes; Windows users and administrators running Microsoft Edge (Chromium‑based) should treat...

Google pushed an emergency Chrome update to address CVE-2025-10585, a type confusion vulnerability in the V8 JavaScript engine that Google says is being actively exploited in the wild — and because Microsoft Edge is Chromium-based, Windows users and enterprises must confirm their Edge builds...

Chrome’s September security update closes a high-severity use-after-free vulnerability in the V8 JavaScript engine — tracked as CVE-2025-9864 — that could allow an attacker to corrupt memory and potentially achieve remote code execution through a crafted web page, and administrators of...

A high-severity memory-corruption flaw in Chromium’s V8 JavaScript engine, tracked as CVE-2025-9132, has been patched in the Chrome 139 stable update; the vulnerability is an out‑of‑bounds write that can lead to heap corruption and, in the worst case, remote code execution when a user visits a...

A race condition in V8, tracked as CVE‑2025‑8880, was disclosed by the Chromium team and fixed upstream in Chrome Stable — the flaw could allow a remote attacker to execute code inside the browser sandbox via a crafted webpage, and Chromium-based browsers (including Microsoft Edge) are advised...

Chromium’s evolution has been marked by its robust security model, open-source transparency, and its integration into numerous modern browsers—including Google Chrome and Microsoft Edge. With each major update, security professionals and the wider community scrutinize the codebase, searching for...

In the rapidly evolving landscape of web browsers, security remains an ever-present concern for both users and developers. The recent disclosure of CVE-2025-5959—a Type Confusion vulnerability identified in V8, the JavaScript and WebAssembly engine used by Chromium-based browsers—highlights both...

In another urgent call to action for the cybersecurity community, the Cybersecurity and Infrastructure Security Agency (CISA) has added a newly discovered, actively exploited vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, once again highlighting the precarious balancing act...

A critical vulnerability has once again cast a spotlight on the complex and ever-evolving landscape of web browser security, with CVE-2025-5419—a formidable out-of-bounds read and write flaw found in Chromium’s V8 JavaScript engine—emerging as a real-world threat now reportedly under active...

In the ever-evolving landscape of cybersecurity, vulnerabilities within widely used software platforms can have far-reaching implications. One such recent discovery is CVE-2025-5066, an "Inappropriate Implementation in Messages" identified within the Chromium project. This vulnerability not only...

Few actions in tech are as deceptively simple, yet as consequential, as keeping one’s browser updated. This week, Google sounded an unmistakable alarm: update Chrome immediately, or risk exposure to a slate of newly discovered vulnerabilities with the potential for far-reaching consequences...

Chromium’s CVE-2025-1914: Out-of-Bounds Read in V8 and What It Means for Windows Users In a recent security update, a critical vulnerability—CVE-2025-1914—has been identified in Chromium’s V8 JavaScript engine. This out-of-bounds read issue, first assigned by Chrome, has far-reaching...

Chromium’s V8 engine has long been the beating heart behind modern browsers like Google Chrome and Microsoft Edge. Now, with CVE-2025-1914 making its appearance as an “out of bounds read” vulnerability in V8, Windows users and IT professionals alike are looking for clear guidance. Although this...