CVE-2025-27038

Use After Free in Graphics

CVSS 7.5 HIGHEPSS 0.8%● KEVCWE-416

In short

A memory corruption flaw in Chrome's graphics rendering with Adreno GPU drivers allows an attacker to crash the browser or potentially execute malicious code by crafting a specially designed web page.

Technical detail

Use-after-free vulnerability in Adreno GPU driver integration within Chrome's graphics pipeline. Attack vector: malicious webpage with crafted graphics content; requires user to visit the page. Impact: memory corruption leading to denial of service or potential code execution.

Summary generated and translated by AI from the official description.

Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Qualcomm, Inc. · Snapdragon

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-27038