How to fix EUVD-2025-19073?

Within 30 days: Identify affected systems running Animation in Google Chrome and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Is Use After Free affected by EUVD-2025-19073?

Organizations using Animation in Google Chrome should be aware of moderate risk from CVE-2025-6555, a use-after-free vulnerability rated CVSS 5.4. Exploitation could compromise the security of affected deployments.

EUVD-2025-19073

| CVE-2025-6555 MEDIUM

2025-06-24 [email protected]

5.4

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 15, 2026 - 22:36 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 22:36 euvd

EUVD-2025-19073

CVE Published

Jun 24, 2025 - 20:15 nvd

MEDIUM 5.4

Description

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Analysis

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Technical Context

A use-after-free vulnerability occurs when a program continues to use a pointer after the referenced memory has been freed, leading to undefined behavior. This vulnerability is classified as Use After Free (CWE-416).

Affected Products

Affected products: Google Chrome

Remediation

Use memory-safe languages. Implement proper object lifecycle management. Use static and dynamic analysis tools to detect UAF patterns.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.1

CVSS: +27

POC: 0

Vendor Status

Ubuntu

Priority: Medium

chromium-browser

Release	Status	Version
jammy	not-affected	code not present
noble	not-affected	code not present
oracular	not-affected	code not present
plucky	not-affected	code not present
upstream	released	-

Debian

chromium

Release	Status	Fixed Version	Urgency
bullseye (security), bullseye	vulnerable	120.0.6099.224-1~deb11u1	-
bookworm	fixed	138.0.7204.49-1~deb12u1	-
bookworm (security)	fixed	146.0.7680.71-1~deb12u1	-
trixie	fixed	145.0.7632.159-1~deb13u1	-
trixie (security)	fixed	146.0.7680.71-1~deb13u1	-
forky	fixed	146.0.7680.71-1	-
sid	fixed	146.0.7680.80-1	-
bullseye	fixed	(unfixed)	end-of-life
(unstable)	fixed	138.0.7204.49-1	-

DSA-5952-1

EUVD-2025-19073 vulnerability details – vuln.today

Back

EUVD-2025-19073

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

EUVD-2025-19073

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code