Chrome Patches Critical V8 Zero-Day Exploited in Attacks (CVE-2025-7890)
Google has issued an urgent security update for Chrome, addressing CVE-2025-7890, a critical use-after-free (UAF) vulnerability within the V8 JavaScript engine. This zero-day flaw is confirmed by Google's Threat Analysis Group (TAG) to be under active exploitation in targeted attacks. All users are strongly advised to update their Chrome browsers immediately to mitigate the significant risk posed by this vulnerability.
Chrome Security Update: CVE-2025-7890
Vulnerability Overview
- CVE ID(s): CVE-2025-7890
- Severity: Critical (CVSS 3.1: 9.8)
- Vulnerability Type: Use-After-Free (UAF)
- Affected Component: V8 JavaScript Engine
- Affected Versions: Chrome versions prior to 132.0.6600.100
- Platforms: Windows, macOS, Linux
- Exploitation Status: Zero-day, actively exploited in the wild
Technical Details
CVE-2025-7890 is a use-after-free (UAF) flaw, a class of bug that arises when a program continues to use memory after it has been freed. In the V8 JavaScript engine, this error can enable attackers to craft malicious webpages that, when visited, trigger memory corruption. Such corruption can lead to arbitrary code execution within the renderer process, which an attacker can potentially use as the starting point for bypassing Chrome's sandbox and executing code on the underlying operating system.
Google's Threat Analysis Group (TAG) reported active exploitation of this vulnerability in targeted attacks, indicating that sophisticated threat actors are leveraging this flaw as part of a larger exploit chain. While specific details of the attack campaigns remain undisclosed to prevent further exploitation, UAF vulnerabilities in V8 are frequently used as an initial arbitrary code execution primitive. Attackers typically combine these with additional sandbox escape techniques to achieve full system compromise.
Patch Information
- Fixed Version: Chrome 132.0.6600.100
- Release Date: October 24, 2025
- Rollout Status: Staged rollout, immediate availability for manual updates
- Update Method: Users can update Chrome by navigating to Settings > About Chrome. The browser will automatically check for and apply the update. A restart is required for the changes to take effect.
Recommendations
Given the active exploitation of CVE-2025-7890, it is imperative for all Chrome users, especially enterprise environments, to apply this update without delay. Prompt patching is the most effective defense against zero-day exploits. Additionally, organizations should reinforce endpoint detection and response (EDR) solutions and monitor for unusual activity that might indicate attempted exploitation or post-exploitation activities.
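For fleet-wide verification, the following added example (not part of the original advisory or any Google tooling) triages a version inventory against the fixed release, 132.0.6600.100. The inventory format, host names and sample versions are constructed for illustration. Because the update only takes effect after a restart, it also flags hosts whose on-disk binary is patched while an older process is still running.

```python
import re

FIXED = (132, 0, 6600, 100)  # fixed version stated in this advisory

# Matches a four-part Chrome version anywhere in a string, e.g. the
# output of `google-chrome --version` ("Google Chrome 132.0.6600.99").
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Return the version as a tuple of ints, or None if none is found."""
    m = VERSION_RE.search(text or "")
    return tuple(int(p) for p in m.groups()) if m else None


def classify(installed, running=None):
    """Classify a host from its on-disk and (optional) running version."""
    disk = parse_version(installed)
    if disk is None:
        return "unknown"
    # Tuple comparison is numeric per component, so 99.x sorts below 132.x
    # (a plain string comparison would get this wrong).
    if disk < FIXED:
        return "vulnerable"
    live = parse_version(running) if running else None
    # A patched binary on disk with an older process still running
    # remains exposed until the browser is restarted.
    if live is not None and live < FIXED:
        return "restart-pending"
    return "patched"


# Constructed sample inventory: (host, on-disk version, running version).
INVENTORY = [
    ("ws-001", "Google Chrome 132.0.6600.100", "132.0.6600.100"),
    ("ws-002", "Google Chrome 132.0.6600.99", "132.0.6600.99"),
    ("ws-003", "Google Chrome 132.0.6600.100", "131.0.6500.200"),
    ("ws-004", "Google Chrome 133.0.6700.5", None),
    ("ws-005", "chrome: command not found", None),
    ("ws-006", "Google Chrome 99.0.4844.84", None),
]


def triage(inventory):
    """Map each host to its classification."""
    return {host: classify(disk, live) for host, disk, live in inventory}
```

Hosts reported as `unknown` need manual follow-up rather than being assumed patched.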