CVE-2025-0997 — Use After Free in Google Chrome

CWE-416 — Use After Free CWE-863 — Incorrect Authorization10 documents10 sources

Severity

8.1HIGHNVD

EPSS

0.1%

top 75.33%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Chromium Github.com Mattermost Mattermost-plugin-zoom +1 more

Timeline

PublishedFeb 15

Latest updateFeb 16

Description

Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages5 packages

▶CVEListV5google/chrome133.0.6943.98 — 133.0.6943.98

▶NVDgoogle/chrome< 133.0.6943.98

▶Debianchromium/chromium< 133.0.6943.98-1~deb12u1+2

▶Gogithub.com/mattermost_mattermost-plugin-zoom< 1.11.0

▶Palo Altopaloalto/prisma_browser

🔴Vulnerability Details

GHSA

Mattermost Plugin Zoom allows any logged-in user to change Zoom meeting restrictions for arbitrary channels↗2026-02-16

▶

GHSA

GHSA-jxfh-r792-52qr: Use after free in Navigation in Google Chrome prior to 133↗2025-02-15

▶

CVEList

CVE-2025-0997: Use after free in Navigation in Google Chrome prior to 133↗2025-02-15

▶

OSV

CVE-2025-0997: Use after free in Navigation in Google Chrome prior to 133↗2025-02-15

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2025-0007 Chromium: Monthly Vulnerability Update (March 2025)↗2025-03-12

▶

Chrome

Stable Channel Update for ChromeOS / ChromeOS Flex - M133: CVE-2025-0997↗2025-02-21

▶

Microsoft

Chromium: CVE -2025-0997 Use after free in Navigation↗2025-02-11

▶

Debian

CVE-2025-0997: chromium - Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a r...↗2025

▶