Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
An integer underflow error (CWE-191) in the WebUI module causes an integer value to drop below the acceptable minimum, leading to improper memory operations. As a result, an attacker can trigger heap corruption by delivering a malicious file to the user. Since the attack does not require authentication or user interaction other than opening a file, the attack surface is very broad.
An attacker may potentially gain full control over the victim's system — the vulnerability provides confidentiality, integrity, and availability at a critical level (C:H/I:H/A:H), which in practice means the possibility of remote code execution (RCE).
Google Chrome should be updated immediately to version 121.0.6167.85 or later. Users of Debian Linux and Fedora distributions should apply package updates in accordance with communications published by these projects (references to fedoraproject.org lists).
Google Chrome in versions earlier than 121.0.6167.85; also affects Chrome/Chromium packages available in Debian Linux and Fedora.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian11.0Fedora Project Fedora
OSFedoraproject3839Google Chrome
APPGoogle< 121.0.6167.85
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)