CVE-2025-8292

Name of the Vulnerable Software and Affected Versions Chromium versions prior to 138.0.7204.183 Google Chrome versions prior to 138.0.7204.183 Microsoft Edge (Chromium-based) versions prior to 138.0.7204.183 openSUSE SLE-15-SP6 Fedora 41 and 42

Description A use-after-free issue exists in the Media Stream component of Chromium-based browsers, including Google Chrome and Microsoft Edge. This flaw allows a remote attacker to potentially exploit heap corruption by crafting a malicious HTML page. Exploitation of this issue could lead to arbitrary code execution, denial of service, or information disclosure. The vulnerability is related to accessing pointers to SpeechRecognitionMediaStreamAudioSinks after they have been destroyed. Multiple sources indicate this is a high-severity issue.

Recommendations Chromium versions prior to 138.0.7204.183: Upgrade to version 138.0.7204.183 or later. Google Chrome versions prior to 138.0.7204.183: Upgrade to version 138.0.7204.183 or later. Microsoft Edge (Chromium-based) versions prior to 138.0.7204.183: Upgrade to version 138.0.7204.183 or later. openSUSE SLE-15-SP6: Apply the available patch for CVE-2025-8292. Fedora 41: Use the command sudo dnf upgrade to apply the update. Fedora 42: Use the command dnf upgrade --advisory FEDORA-2025-2d776e48e1 to apply the update.