CVE-2025-5283Use After Free in Google Chrome

CWE-416Use After FreeCWE-415Double Free15 documents10 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 49.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Google ChromeMozilla ThunderbirdWebmproject Libvpx+1 more
Timeline
PublishedMay 27
Latest updateFeb 2

Description

Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages5 packages

CVEListV5google/chrome137.0.7151.55137.0.7151.55
NVDgoogle/chrome< 137.0.7151.55
Debianchromium/chromium< 137.0.7151.55-3~deb12u1+2
Debianwebmproject/libvpx< 1.9.0-1+deb11u4+3
Debianmozilla/thunderbird< 1:128.11.0esr-1~deb11u1+3

🔴Vulnerability Details

3
GHSA
GHSA-j84v-78j2-55gh: Use after free in libvpx in Google Chrome prior to 1372025-05-27
OSV
CVE-2025-5283: Use after free in libvpx in Google Chrome prior to 1372025-05-27
CVEList
CVE-2025-5283: Use after free in libvpx in Google Chrome prior to 1372025-05-27

📋Vendor Advisories

11
Ubuntu
Thunderbird vulnerabilities2026-02-02
Ubuntu
libvpx vulnerability2025-06-03
Red Hat
libvpx: Double-free in libvpx encoder2025-05-27
Chrome
Stable Channel Update for Desktop: CVE-2025-52832025-05-27
Microsoft
Chromium: CVE-2025-5283 Use after free in libvpx2025-05-13
CVE-2025-5283 — Use After Free in Google Chrome | cvebase