CVE-2025-9864: 
vulnerability analysis and mitigation

A high-severity use-after-free vulnerability was discovered in the V8 JavaScript engine of Google Chrome, identified as CVE-2025-9864. The vulnerability was reported by Pavel Kuzmin of Yandex Security Team on July 28, 2025, and affects Google Chrome versions prior to 140.0.7339.80. This security flaw was officially disclosed on September 2, 2025, as part of Chrome's stable channel update (Chrome Release).

The vulnerability is classified as a use-after-free (CWE-416) issue in Chrome's V8 engine, which could allow attackers to exploit heap corruption through a specially crafted HTML page. The severity of this vulnerability is rated as High with a CVSS v3.1 base score of 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating significant potential impact (NVD).

The vulnerability poses significant security risks as it affects the core JavaScript engine of Chrome. With a CVSS score of 8.8, it demonstrates high potential for compromising system confidentiality, integrity, and availability. The vulnerability requires user interaction and can be exploited remotely, potentially leading to heap corruption if successfully exploited (NVD).

Google has released version 140.0.7339.80 of Chrome to address this vulnerability. Users are strongly advised to update their Chrome browsers to this version or later. The fix has been rolled out for Windows, Mac, and Linux platforms (Chrome Release).