It is speculated that CVE-2025-0612 and CVE-2025-0611 are related to the rendering engine! (23-01-2025)

Preface: Smartphones (IoT) have become part of daily life through habit. Suppose that one day the browsers of more than 20% of the people on the planet stopped working for half a day. Maybe you'd see long queues outside the hospital!

It is similar to an intangible control over you. In the AI age, the smartphone is the great partner of AI.

Background: Edge was initially built with Microsoft’s own proprietary browser engine, EdgeHTML, and their Chakra JavaScript engine. In late 2018, it was announced that Edge would be completely rebuilt as a Chromium-based browser with Blink and V8 engines.

Chrome used only WebCore, and included its own JavaScript engine named V8 and a multiprocess system. Chrome for iOS continues to use WebKit because Apple requires that web browsers on that platform must do so.

Remark: Edge was originally based on Chakra but has more recently been rebuilt using Chromium and the V8 engine. V8 is written in C++, and it’s continuously improved.

Vulnerability details:

CVE-2025-0612 Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-0611 Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
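
Both descriptions name the same fixed build, 132.0.6834.110. The following is an added example, not code from the original post or from Google: it triages an inventory of Google Chrome version banners against that build, comparing components numerically because a plain string comparison would rank 132.0.6834.83 above 132.0.6834.110. The host names and sample banners are constructed, and it covers Google Chrome version strings only, since other Chromium-based browsers use their own version numbers.

```python
import re

# Fixed Google Chrome build taken from the CVE descriptions above.
FIXED = (132, 0, 6834, 110)
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_version(text):
    """Extract a four-part version from text such as `chrome --version` output."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def is_affected(text):
    """True if below the fixed build, False if at or above it, None if unparsable."""
    v = parse_version(text)
    if v is None:
        return None
    # Tuples of ints compare component by component, so 83 < 110 as intended.
    return v < FIXED

def triage(inventory):
    """Split 'host<TAB>banner' lines into affected / patched / unknown hosts."""
    result = {"affected": [], "patched": [], "unknown": []}
    for line in inventory.strip().splitlines():
        host, _, banner = line.partition("\t")
        state = is_affected(banner)
        key = "unknown" if state is None else ("affected" if state else "patched")
        result[key].append(host.strip())
    return result

# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE = "\n".join([
    "ws-01\tGoogle Chrome 132.0.6834.83",
    "ws-02\tGoogle Chrome 132.0.6834.110",
    "ws-03\tGoogle Chrome 131.0.6778.265",
    "ws-04\tGoogle Chrome 133.0.6943.53",
    "ws-05\tchrome: command not found",
])

if __name__ == "__main__":
    for state, hosts in triage(SAMPLE).items():
        print(state, hosts)
```

Hosts that land in the unknown bucket need a manual check rather than being treated as patched.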

Official announcement: Please refer to the links below for details.

https://nvd.nist.gov/vuln/detail/CVE-2025-0611

https://nvd.nist.gov/vuln/detail/CVE-2025-0612
