CVE-2025-9132 high

Chrome V8 out-of-bounds write reported by Google Big Sleep

Chrome 139 fixed CVE-2025-9132, a high-severity V8 out-of-bounds write reported by Google Big Sleep.

Bug class: Out-of-bounds write -> heap corruption
Affected codebase: Google Chrome V8
Credited system: Google Big Sleep
Disclosed: August 19, 2025
Attribution: Direct source attribution
Severity: high
Source status: Direct Chrome release note credits Google Big Sleep; NVD confirms affected versions and CVSS vector.

Summary

Chrome 139.0.7258.138/.139 for Windows and Mac, and 139.0.7258.138 for Linux, shipped a fix for CVE-2025-9132. Google’s release note lists the issue as a high-severity out-of-bounds write in V8 and credits Google Big Sleep with the report.

NVD describes the vulnerability as a V8 out-of-bounds write in Chrome versions prior to 139.0.7258.138 that could allow a remote attacker to potentially exploit heap corruption via crafted HTML.

Why it matters

V8 is a high-value target because a browser memory-corruption bug can sit close to a practical exploit chain. The public record does not say Big Sleep produced a full exploit, and we do not infer one. The record does show that an AI vulnerability-research system produced a report accepted into Chrome’s normal security release process.

That is exactly the sort of high-signal, high-trust data point this index is designed to preserve.


Catalogued in the Bugflation public ledger. Disagree with the attribution or severity label? Email the desk.