CVE-2025-5281Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure9 documents8 sources
Severity
5.4MEDIUMNVD
EPSS
0.2%
top 56.07%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumPaloalto Prisma Browser
Timeline
PublishedMay 27
Latest updateJul 14

Description

Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

CVEListV5google/chrome137.0.7151.55137.0.7151.55
NVDgoogle/chrome< 137.0.7151.55
Debianchromium/chromium< 137.0.7151.55-3~deb12u1+2

🔴Vulnerability Details

3
OSV
CVE-2025-5281: Inappropriate implementation in BFCache in Google Chrome prior to 1372025-05-27
GHSA
GHSA-hqjf-gj2q-64ch: Inappropriate implementation in BFCache in Google Chrome prior to 1372025-05-27
CVEList
CVE-2025-5281: Inappropriate implementation in BFCache in Google Chrome prior to 1372025-05-27

📋Vendor Advisories

5
Chrome
Long Term Support Channel Update for ChromeOS: CVE-2025-52812025-07-14
Palo Alto
PAN-SA-2025-0011 Chromium and Prisma Browser: Monthly Vulnerability Update (June 2025)2025-06-11
Chrome
Stable Channel Update for Desktop: CVE-2025-50652025-05-27
Microsoft
Chromium: CVE-2025-5281 Inappropriate implementation in BFCache2025-05-13
Debian
CVE-2025-5281: chromium - Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 ...2025
CVE-2025-5281 — Sensitive Information Exposure | cvebase