Skip to main content

External Control of Assumed-Immutable Web Parameter

CVE-2025-0436

Severity High
Score 8.8/10

Summary

Integer overflow in Skia in Google Chrome versions prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-472 - External Control of Assumed-Immutable Web Parameter

The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.

Advisory Timeline

  • Published