CVE-2025-2476 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Chrome	CNA	---				---
CISA-ADP	ADP	8.8 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Debian Releases

Debian Product

Codename

chromium

bullseye (security)	vulnerable
bullseye	vulnerable
bookworm	vulnerable
bookworm (security)	134.0.6998.117-1~deb12u1 fixed
sid	134.0.6998.117-1 fixed
trixie	134.0.6998.117-1 fixed

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

Vulnerability Media Exposure

[GERMAN] Webbrowser: Google stopft kritisches Sicherheitsleck in Chrome
Google aktualisiert den Webbrowser Chrome und schließt dabei eine als kritisches Risiko eingestufte Sicherheitslücke.
Published: 2025-03-19T20:22:00+00:00
[ENGLISH] ⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Every week, someone somewhere slips up—and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights—and the unexpected
Published: 2025-03-31T16:55:00+05:30

References

https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_19.html

https://issues.chromium.org/issues/401029609