CVE-2025-9478

HIGH

Google Chrome <139.0.7258.154 - Use After Free

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-9478. PoCs published by Kamgreen50.

AI-analyzed exploit summary: This repository provides a detailed writeup on CVE-2025-9478, a use-after-free vulnerability in Microsoft Edge (Chromium) < 139.0.3405.125, including remediation steps and evidence of patching. It does not contain exploit code but offers technical context and mitigation guidance.

Description

Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Exploits (1)

nomisec WRITEUP
by Kamgreen50 · poc
https://github.com/Kamgreen50/STIG-Edge-RCE-CVE2025-9478

Classification: Writeup 90%
Attack Type: RCE
Complexity: Moderate
Reliability: Theoretical
Target: Microsoft Edge (Chromium) < 139.0.3405.125
Authentication: No auth needed
Prerequisites: Outdated Microsoft Edge (Chromium) version · User interaction to visit a crafted HTML page
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 8.8
EPSS 0.0358
EPSS Percentile 87.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE: CWE-416
Status: published
Products (1): google/chrome < 139.0.7258.154
Published: Aug 26, 2025
Tracked Since: Feb 18, 2026