Submit finding

All findings

CVE-2025-9478 critical

Chrome ANGLE use-after-free reported by Google Big Sleep

CVE-2025-9478 is a critical Chrome ANGLE use-after-free reported by Google Big Sleep and fixed in Chrome 139.0.7258.154/.155.

Bug class
Use-after-free -> heap corruption
Affected codebase
Google Chrome ANGLE
Credited system
Google Big Sleep
Disclosed
August 26, 2025
Attribution
Direct source attribution
Severity
critical
Source status: Direct Chrome release note credits Google Big Sleep. NVD and third-party vulnerability databases corroborate the affected Chrome versions and ANGLE use-after-free classification.

Summary

Chrome 139.0.7258.154/.155 fixed CVE-2025-9478, a critical use-after-free in ANGLE. Google’s Chrome release note lists a single security fix for that build and says the issue was reported by Google Big Sleep on August 11, 2025.

The issue is important because it is a second browser-engine memory-safety data point for Big Sleep, following the V8 finding already in this ledger.

Why it matters

Big Sleep’s public record is no longer just SQLite plus one Chrome issue. By late August 2025, Chrome had shipped two separate Big Sleep-attributed browser memory-safety fixes in adjacent stable releases: CVE-2025-9132 in V8 and CVE-2025-9478 in ANGLE.

That makes Big Sleep one of the strongest directly attributed AI-discovery signals in the current public record.

References

Catalogued in the Bugflation public ledger. Disagree with the attribution or severity label? Email the desk.