CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5067
https://notcve.org/view.php?id=CVE-2025-5067
27 May 2025 — Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5283 – libvpx: Double-free in libvpx encoder
https://notcve.org/view.php?id=CVE-2025-5283
27 May 2025 — Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) A flaw was found in libvpx. A double-free issue can occur in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash. An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update S... • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5281
https://notcve.org/view.php?id=CVE-2025-5281
27 May 2025 — Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5066
https://notcve.org/view.php?id=CVE-2025-5066
27 May 2025 — Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5065
https://notcve.org/view.php?id=CVE-2025-5065
27 May 2025 — Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5064
https://notcve.org/view.php?id=CVE-2025-5064
27 May 2025 — Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5280
https://notcve.org/view.php?id=CVE-2025-5280
27 May 2025 — Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5063
https://notcve.org/view.php?id=CVE-2025-5063
27 May 2025 — Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-416: Use After Free •