CVE-2025-6555Use After Free in Google Chrome

CWE-416Use After Free8 documents8 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 83.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeChromiumPaloalto Prisma Browser
Timeline
PublishedJun 24
Latest updateJul 23

Description

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

CVEListV5google/chrome138.0.7204.49138.0.7204.49
NVDgoogle/chrome< 138.0.7204.49
Debianchromium/chromium< 138.0.7204.49-1~deb12u1+2

🔴Vulnerability Details

3
OSV
CVE-2025-6555: Use after free in Animation in Google Chrome prior to 1382025-06-24
GHSA
GHSA-p5pm-vpwj-6rcc: Use after free in Animation in Google Chrome prior to 1382025-06-24
CVEList
CVE-2025-6555: Use after free in Animation in Google Chrome prior to 1382025-06-24

📋Vendor Advisories

4
Chrome
Stable Chanel Update for ChromeOS / ChromeOS-Flex: CVE-2025-65552025-07-23
Palo Alto
PAN-SA-2025-0013 Chromium: Monthly Vulnerability Update (July 2025)2025-07-09
Microsoft
Chromium: CVE-2025-6555 Use after free in Animation2025-06-10
Debian
CVE-2025-6555: chromium - Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a re...2025
CVE-2025-6555 — Use After Free in Google Chrome | cvebase