CVE-2025-8292

Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

01 Aug 2025, 14:37

Type Values Removed Values Added
First Time Apple macos
Apple
Google chrome
Linux linux Kernel
Microsoft windows
Linux
Microsoft
Google
References () https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html - () https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html - Release Notes
References () https://issues.chromium.org/issues/426054987 - () https://issues.chromium.org/issues/426054987 - Issue Tracking, Permissions Required
CPE cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

30 Jul 2025, 15:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
Summary
  • (es) Use after free en Media Stream en Google Chrome anterior a la versión 138.0.7204.183 permitía a un atacante remoto explotar la corrupción del montón mediante una página HTML manipulada. (Severidad de seguridad de Chromium: Alta)

30 Jul 2025, 02:17

Type Values Removed Values Added
New CVE

Information

Published : 2025-07-30 02:17

Updated : 2025-08-01 14:37


NVD link : CVE-2025-8292

Mitre link : CVE-2025-8292

CVE.ORG link : CVE-2025-8292


JSON object : View

Products Affected

linux

  • linux_kernel

apple

  • macos

google

  • chrome

microsoft

  • windows
CWE
CWE-416

Use After Free