PT-2025-29592 · Google · Google Chrome
Jakebiles · Published 2025-06-25 · Updated 2025-10-09
CVE-2025-7657
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 138.0.7204.157
Microsoft Edge (Chromium-based) versions prior to 138.0.7204.157
Chromium versions prior to 138.0.7204.157
Description
A use-after-free issue exists in the WebRTC component of Google Chrome and Chromium-based browsers. This flaw allows a remote attacker to potentially exploit heap corruption by crafting a malicious HTML page. Exploitation of this issue may lead to denial of service or arbitrary code execution. The vulnerability is related to memory usage after it has been freed. Reports indicate a proof-of-concept (PoC) exploit is available.
Recommendations
Update Google Chrome to version 138.0.7204.157 or later.
Update Microsoft Edge (Chromium-based) to version 138.0.7204.157 or later.
Update Chromium to version 138.0.7204.157 or later.
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Debian
Google Chrome
Red Os