
CVE-2025-7657 is a high-severity vulnerability identified as a use-after-free issue in the WebRTC component of Google Chrome versions prior to 138.0.7204.157. This flaw allows remote attackers to potentially exploit heap corruption by enticing users to visit a maliciously crafted HTML page.
Impact:
- Remote Code Execution: Attackers can execute arbitrary code on the victim's system.
- System Compromise: The vulnerability can compromise the confidentiality, integrity, and availability of the user's browser and potentially the entire system.
As of now, there is no public proof-of-concept exploit available, and no evidence of active exploitation has been reported.
Mitigation:
- Update Chrome: Users are strongly advised to update Google Chrome to version 138.0.7204.157 or later, where this vulnerability has been patched.
- Enable Automatic Updates: Ensure that automatic updates are enabled to receive future security patches promptly.
- Exercise Caution: Be cautious when browsing and avoid opening untrusted links, since exploitation requires the victim to visit a crafted HTML page.
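A defender-side check that an installed Chrome build is at or past the fixed version, added here as an example and not part of the advisory: it parses the four-component Chrome version string and compares it numerically against 138.0.7204.157 (a plain string comparison would rank 138.0.7204.96 above 138.0.7204.157). The binary names it probes and the sample version strings are assumptions of the example.

```python
import re
import shutil
import subprocess
from typing import Optional, Tuple

# First Chrome release carrying the fix for CVE-2025-7657 (taken from the advisory).
FIXED_VERSION = "138.0.7204.157"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Extract a four-part Chrome version from text such as
    'Google Chrome 138.0.7204.96'. Returns None when no version is present."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_patched(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the version found in version_text is >= the fixed version.
    Comparison is numeric, component by component; an unparseable version
    is treated as unpatched so it is never silently reported as safe."""
    installed = parse_version(version_text)
    target = parse_version(fixed)
    if installed is None or target is None:
        return False
    return installed >= target


def installed_chrome_version() -> Optional[str]:
    """Return the `--version` output of a locally installed Chrome, if found.
    The binary names probed here are common defaults (an assumption)."""
    for name in ("google-chrome", "google-chrome-stable", "chrome"):
        path = shutil.which(name)
        if path:
            out = subprocess.run([path, "--version"], capture_output=True, text=True)
            return out.stdout.strip()
    return None


if __name__ == "__main__":
    # Constructed sample outputs in the format `google-chrome --version` prints.
    for sample in ("Google Chrome 138.0.7204.96", "Google Chrome 138.0.7204.157"):
        print(f"{sample!r}: {'patched' if is_patched(sample) else 'VULNERABLE'}")
    live = installed_chrome_version()
    if live:
        print(f"local install {live!r}: {'patched' if is_patched(live) else 'VULNERABLE'}")
```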
Source: MSRC Security Update Guide - Microsoft Security Response Center