Severity
Medium
Analysis Summary
CVE-2025-5063 CVSS:8.8
Use after free in Compositing in Google Chrome allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2025-5064 CVSS:6.5
Inappropriate implementation in Background Fetch API in Google Chrome allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2025-5065 CVSS:7.5
Inappropriate implementation in FileSystemAccess API in Google Chrome allowed a remote attacker to perform UI spoofing via a crafted HTML page.
CVE-2025-5066 CVSS:7.5
Inappropriate implementation in Messages in Google Chrome on Android allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page.
CVE-2025-5067 CVSS:6.5
Inappropriate implementation in Tab Strip in Google Chrome allowed a remote attacker to perform UI spoofing via a crafted HTML page.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-5063
CVE-2025-5064
CVE-2025-5065
CVE-2025-5066
CVE-2025-5067
Affected Vendors
Affected Products
- Google Chrome - 137.0.7151.55
Remediation
Refer to Google Chrome Advisory for patch, upgrade, or suggested workaround information.