CVE-2025-0439 — Race Condition in Google Chrome

CWE-362 — Race Condition CWE-290 — Authentication Bypass by Spoofing7 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 75.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Paloalto Prisma Browser

Timeline

PublishedJan 15

Latest updateFeb 12

Description

Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5google/chrome132.0.6834.83 — 132.0.6834.83

▶NVDgoogle/chrome< 132.0.6834.83

▶Debianchromium/chromium< 132.0.6834.83-1~deb12u1+2

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

GHSA-wphw-46wj-2jvh: Race in Frames in Google Chrome prior to 132↗2025-01-15

▶

OSV

CVE-2025-0439: Race in Frames in Google Chrome prior to 132↗2025-01-15

▶

CVEList

CVE-2025-0439: Race in Frames in Google Chrome prior to 132↗2025-01-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0004 Chromium: Monthly Vulnerability Update (February 2025)↗2025-02-12

▶

Microsoft

Chromium: CVE-2025-0439 Race in Frames↗2025-01-14

▶

Debian

CVE-2025-0439: chromium - Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker...↗2025

▶