Heap Corruption Vulnerability in Google Chrome
CVE-2025-5283

5.4MEDIUM

Key Information:

Vendor: Google
Status: Chrome
Vendor: CVE Published:; 27 May 2025

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2025-5283?

A use after free vulnerability in the libvpx component of Google Chrome allows remote attackers to cause heap corruption through specially crafted HTML content. This could enable the execution of arbitrary code or other undesired behaviors, posing a significant security risk to users who visit affected web pages. Users are advised to upgrade to the latest version of Google Chrome to mitigate this threat.

Affected Version(s)

Chrome 137.0.7151.55

News Articles

elvis.hk

CVE-2025-5283

VulDB Recent Entries | Security

CVE-2025-5283 | Google Chrome up to 136.0.7103.113 libvpx use after free (Nessus ID 237344)(link is external) 11 hours 7 minutes ago A vulnerability was found in Google Chrome and...

5 days ago

References

https://chromereleases.googleblog.com/2025/05/stable-chan...

https://issues.chromium.org/issues/419467315

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
May 28, 2025
📰
First article discovered by elvis.hk
May 28, 2025
Vulnerability published
May 27, 2025
Vulnerability Reserved
May 27, 2025