CVE-2025-2137: 
vulnerability analysis and mitigation

An out-of-bounds read vulnerability was discovered in the V8 engine of Google Chrome versions prior to 134.0.6998.88. The vulnerability was reported by researcher zeroxiaobai@ on February 25, 2025, and was assigned CVE-2025-2137. This security flaw affects Chrome browsers across Windows, Mac, and Linux platforms (Chrome Release, NVD).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) and allows a remote attacker to perform out-of-bounds memory access through a specially crafted HTML page. Google has assigned this vulnerability a Medium severity rating, while CISA-ADP has assessed it with a CVSS v3.1 base score of 8.8 (High) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

The vulnerability could allow an attacker to perform unauthorized memory access, potentially leading to information disclosure or system compromise. The high CVSS score indicates significant potential impact on the confidentiality, integrity, and availability of affected systems (NVD).

Google has addressed this vulnerability in Chrome version 134.0.6998.88 for Windows, Mac, and Linux. Users are advised to update their Chrome browsers to this version or later to mitigate the risk (Chrome Release).