CVE-2025-4372
📋 TL;DR
This is a use-after-free vulnerability in Chrome's WebAudio component that allows remote attackers to potentially exploit heap corruption. Attackers can trigger this by tricking users into visiting a malicious webpage, potentially leading to arbitrary code execution. All Chrome users on vulnerable versions are affected.
💻 Affected Systems
- Google Chrome
- Chromium-based browsers
📦 What is this software?
Chrome by Google
Google Chrome is the world's most popular web browser, used by over 3 billion users globally across Windows, macOS, Linux, Android, and iOS platforms. As a Chromium-based browser developed by Google, Chrome dominates the browser market with approximately 65% market share, making it a critical compon...
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution with the same privileges as the Chrome process, potentially leading to full system compromise if combined with privilege escalation.
Likely Case
Browser crash (denial of service) or limited memory corruption that could be leveraged for sandbox escape in combination with other vulnerabilities.
If Mitigated
Browser crash with no data loss if sandbox holds, or successful blocking by security controls before exploitation.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious page) but no authentication. Heap corruption exploitation requires additional techniques for reliable code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 136.0.7103.92 and later
Vendor Advisory: https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop.html
Restart Required: Yes
Instructions:
1. Open Chrome.
2. Click the three-dot menu → Help → About Google Chrome.
3. Chrome will automatically check for and install updates.
4. Click 'Relaunch' to restart Chrome with the patched version.
🔧 Temporary Workarounds
Disable WebAudio
Platform: all
Disable the WebAudio API via Chrome flags (breaks audio functionality on websites)
chrome://flags/#enable-webaudio → Disabled
Use site isolation
Platform: all
Ensure site isolation is enabled (default in modern Chrome)
chrome://flags/#site-isolation-trial-opt-out → Disabled
🧯 If You Can't Patch
- Restrict web browsing to trusted sites only using browser policies
- Implement network filtering to block malicious sites and use a web application firewall
🔍 How to Verify
Check if Vulnerable:
Check the Chrome version at chrome://version and compare it to the vulnerable range (versions earlier than 136.0.7103.92)
Check Version:
chrome://version (Windows/Linux/macOS) or check About in Chrome settings
Verify Fix Applied:
Verify Chrome version is 136.0.7103.92 or higher
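For checking many machines at once, the version comparison above can be scripted. The following is an added example, not part of the vendor advisory; it assumes version banners in the form printed by `google-chrome --version`, and the hostnames and banners in the sample inventory are constructed. It compares each version component numerically, because a plain string comparison would rank 136.0.7103.113 below 136.0.7103.92.

```python
import re

# Fixed version taken from the advisory text above.
PATCHED = (136, 0, 7103, 92)

# Matches the four-part version in banners such as "Google Chrome 136.0.7103.59".
# Assumption: Chromium builds are compared against the same fixed version.
_BANNER = re.compile(r"^(Google Chrome|Chromium)\s+(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def classify(banner):
    """Return 'vulnerable', 'patched' or 'unknown' for one version banner."""
    m = _BANNER.match(banner.strip())
    if not m:
        # Other products or unparseable output: report it, do not guess.
        return "unknown"
    version = tuple(int(part) for part in m.groups()[1:])
    # Tuple comparison is numeric per component, so .113 > .92 as intended.
    return "patched" if version >= PATCHED else "vulnerable"


def audit(inventory):
    """Map host -> status for an iterable of (host, banner) pairs."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (hostnames and banners are made up).
SAMPLE = [
    ("ws-01", "Google Chrome 136.0.7103.59"),
    ("ws-02", "Google Chrome 136.0.7103.92"),
    ("ws-03", "Google Chrome 136.0.7103.113 "),
    ("ws-04", "Chromium 135.0.7049.114 snap"),
    ("ws-05", "Google Chrome 137.0.7151.40 beta"),
    ("ws-06", "chrome: command not found"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being counted as patched.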
📡 Detection & Monitoring
Log Indicators:
- Chrome crash reports with WebAudio-related stack traces
- Unexpected browser process termination
Network Indicators:
- Requests to known malicious domains hosting exploit code
- Unusual WebAudio API usage patterns
SIEM Query:
source="chrome_crash_reports" AND (process="chrome" OR process="renderer") AND (message="*WebAudio*" OR message="*heap corruption*")