Описание
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| chromium | fixed | 137.0.7151.55-1 | package | |
| chromium | end-of-life | bullseye | package | |
| firefox | fixed | 139.0-1 | package | |
| firefox-esr | fixed | 128.11.0esr-1 | package | |
| thunderbird | fixed | 1:128.11.0esr-1 | package | |
| libvpx | fixed | 1.15.0-2.1 | package |
Примечания
Fixed by: https://chromium.googlesource.com/webm/libvpx/+/1c758781c428c0e895645b95b8ff1512b6bdcecb
https://www.mozilla.org/en-US/security/advisories/mfsa2025-42/#CVE-2025-5283
https://www.mozilla.org/en-US/security/advisories/mfsa2025-44/#CVE-2025-5283
https://www.mozilla.org/en-US/security/advisories/mfsa2025-46/#CVE-2025-5283
EPSS
Связанные уязвимости
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
EPSS