Chrome High-Severity Vulnerability Let Attackers Execute Arbitrary Code

Source: Cyber Security News

The vulnerability, discovered by Google’s automated detection system Big Sleep on August 4, 2025, is an out-of-bounds write flaw in Chrome’s V8 JavaScript engine. This memory corruption issue allows attackers to write beyond allocated memory buffers, potentially overwriting critical system memory and enabling remote code execution or browser crashes. The flaw affects Chrome versions before 139.0.7258.138 on Windows, macOS, and Linux. Exploitation requires a victim with JavaScript enabled to visit a malicious website serving specially crafted content that targets the V8 engine.

Google classified this as a high-severity issue due to its potential impact and began rolling out a security patch on August 19, 2025. The update is being deployed gradually to ensure stability, and users are urged to check their Chrome version and update immediately. Enterprise system administrators should prioritize deploying the patch through managed channels to mitigate risk. Google has restricted detailed vulnerability information until most users are patched, to prevent exploitation by malicious actors.

This incident highlights the importance of AI-powered tools like Big Sleep in proactively identifying complex vulnerabilities before they can be weaponized. Users and organizations are advised to remain vigilant, apply updates promptly, and maintain secure browsing practices to reduce exposure to such critical threats.
