CVE-2025-12437: 
vulnerability analysis and mitigation

A Use-after-free vulnerability (CVE-2025-12437) was discovered in the PageInfo component of Google Chrome versions prior to 142.0.7444.59. The vulnerability was reported by Umar Farooq on September 20, 2025, and was assigned a Medium severity rating (Chrome Releases, Debian Security).

The vulnerability is classified as a Use-after-free (UAF) issue specifically affecting the PageInfo component in Google Chrome. The vulnerability received a CVSS score of 6.1 (Medium severity) and requires user interaction for successful exploitation. The technical assessment indicates that the vulnerability has network attack vector potential with low attack complexity (Palo Alto Networks).

The vulnerability could allow a remote attacker to potentially exploit heap corruption if they successfully convince a user to engage in specific UI gestures through a crafted HTML page. The impact assessment indicates potential high confidentiality, integrity, and availability risks to the affected system (Debian Security, Palo Alto Networks).

The vulnerability has been patched in Chrome version 142.0.7444.59 and later versions. For Debian systems, fixed versions are available in bookworm (142.0.7444.175-1~deb12u1) and trixie (142.0.7444.175-1~deb13u1) distributions. Prisma Browser users should upgrade to version 142.15.2.60 or later (Debian Security, Palo Alto Networks).