Medium severity5.4NVD Advisory· Published May 27, 2025· Updated Jun 17, 2026
CVE-2025-5283
CVE-2025-5283
Description
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Affected products
21- osv-coords18 versionspkg:apk/chainguard/chromiumpkg:apk/chainguard/chromium-docker-selenium-compatpkg:apk/chainguard/chromium-langpkg:apk/chainguard/chromium-qtpkg:apk/chainguard/firefoxpkg:apk/chainguard/firefox-esrpkg:apk/wolfi/chromiumpkg:apk/wolfi/chromium-docker-selenium-compatpkg:apk/wolfi/chromium-langpkg:apk/wolfi/chromium-qtpkg:apk/wolfi/firefoxpkg:rpm/almalinux/libvpxpkg:rpm/almalinux/libvpx-develpkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/mozjs128&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/mozjs128&distro=openSUSE%20Tumbleweedpkg:rpm/suse/mozjs128&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/mozjs128&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 137.0.7151.55-r0+ 17 more
- (no CPE)range: < 137.0.7151.55-r0
- (no CPE)range: < 137.0.7151.55-r0
- (no CPE)range: < 137.0.7151.55-r0
- (no CPE)range: < 137.0.7151.55-r0
- (no CPE)range: < 128.11-r0
- (no CPE)range: < 128.11-r0
- (no CPE)range: < 137.0.7151.55-r0
- (no CPE)range: < 137.0.7151.55-r0
- (no CPE)range: < 137.0.7151.55-r0
- (no CPE)range: < 137.0.7151.55-r0
- (no CPE)range: < 128.11-r0
- (no CPE)range: < 1.9.0-9.el9_6
- (no CPE)range: < 1.9.0-9.el9_6
- (no CPE)range: < 138.0.7204.96-1.1
- (no CPE)range: < 128.14.0-160000.1.1
- (no CPE)range: < 128.12.0-1.1
- (no CPE)range: < 128.14.0-160000.1.1
- (no CPE)range: < 128.14.0-160000.1.1
Patches
Vulnerability mechanics
References
5- chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.htmlnvdRelease Notes
- issues.chromium.org/issues/419467315nvdPermissions Required
- lists.debian.org/debian-lts-announce/2025/05/msg00043.htmlnvd
- lists.debian.org/debian-lts-announce/2025/05/msg00046.htmlnvd
- lists.debian.org/debian-lts-announce/2025/05/msg00052.htmlnvd
News mentions
0No linked articles in our index yet.