PT-2025-26787 · Google +1 · Google Chrome +1
Ameen Basha M K · Published 2025-06-24 · Updated 2025-07-01 · CVE-2025-6557
Severity: 6.4 (Medium)
Base vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions:
Google Chrome versions prior to 138.0.7204.49
Description:
Insufficient data validation in DevTools in Google Chrome on Windows allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. The issue has a security severity of Low.
Recommendations:
For versions prior to 138.0.7204.49, update to version 138.0.7204.49 or later to resolve the issue. As a temporary workaround, consider restricting access to DevTools until the update is applied. Until the update is installed, avoid opening untrusted HTML pages that could be crafted to exploit this issue.
Fix · RCE · Clickjacking
References · 23
- https://bdu.fstec.ru/vul/2025-08582 · Security Note
- https://osv.dev/vulnerability/CVE-2025-6557 · Vendor Advisory
- https://security-tracker.debian.org/tracker/CVE-2025-6557 · Vendor Advisory
- https://bdu.fstec.ru/vul/2025-09103 · Security Note
- https://security-tracker.debian.org/tracker/DSA-5952-1 · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6555 · Security Note
- https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html · Vendor Advisory
- https://security-tracker.debian.org/tracker/source-package/chromium · Vendor Advisory
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6556 · Security Note
- https://nvd.nist.gov/vuln/detail/CVE-2025-6557 · Security Note
- https://bdu.fstec.ru/vul/2025-09102 · Security Note
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6557 · Security Note
- https://osv.dev/vulnerability/DSA-5952-1 · Vendor Advisory
- https://t.me/cvenotify/126595 · Telegram Post
- https://twitter.com/Cezar_H_Linux/status/1940078497029816633 · Twitter Post