CVE-2025-3066

Published Apr 2, 2025

Last updated 3 days ago

CVSS high 8.8

Overview

Description
Use after free in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Source
chrome-cve-admin@google.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

chrome-cve-admin@google.com
CWE-416
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-416

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Google Chromeナビゲーション機能を含む複数の脆弱性を修正(CVE-2025-3066) #セキュリティ対策Lab #セキュリティ #Security https://t.co/R4GJghlatq

    @securityLab_jp

    2 Apr 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. グーグルは4月1日、Chrome 135をリリースし「高」深刻度の脆弱性CVE-2025-3066を含む14件のセキュリティ修正を実施。Windows/macOS向け135.0.7049.42、Linux向け135.0.7049.52など各OS別に配信 #Chrome https://t.co/tgKr5Mq9zv

    @HiroshiYoshida_

    2 Apr 2025

    80 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Chrome 135 patches 14 vulnerabilities, including high-severity CVE-2025-3066—update immediately to mitigate exploitation risks. Details: https://t.co/oOFx7Eo7aG #CyberSecurity #BrowserSecurity

    @adriananglin

    2 Apr 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Mozilla Firefox 137 e Google Chrome 135 sono le novità browser di aprile 2025 Tech, aggiornamento, barra URL calcolatrice, browser, Chrome 135, Chromium fix, controllo contrasto, CVE-2025-3066, Firefox 137, Firefox 138 beta, firma PDF, Google Chrome, Goo… https://t.co/GBfvkNWShH

    @matricedigitale

    2 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🐴 How eBPF runtime Cloud Security stops attacks like tj-actions (CVE-2025-3066), a trojan horse hidden in a trusted software component, integrated into over 23,000 software development projects ⬅️ In a new blog post, we break down the GitHub Action supply chain attack, https://

    @SentinelOne

    21 Mar 2025

    832 Impressions

    1 Retweet

    6 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References