VYPR

apk package

chainguard/chromium

pkg:apk/chainguard/chromium

Vulnerabilities (1,378)

  • CVE-2025-0447Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-0446Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2025-0443Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0442Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0441Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0440Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0439Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-0438Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0437Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0436Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0435Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0434Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0291Jan 8, 2025
    affected < 131.0.6778.264-r0fixed 131.0.6778.264-r0

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-12695Dec 18, 2024
    affected < 131.0.6778.204-r0fixed 131.0.6778.204-r0

    Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-12694Dec 18, 2024
    affected < 131.0.6778.204-r0fixed 131.0.6778.204-r0

    Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-12693Dec 18, 2024
    affected < 131.0.6778.204-r0fixed 131.0.6778.204-r0

    Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-12692Dec 18, 2024
    affected < 131.0.6778.204-r0fixed 131.0.6778.204-r0

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-12382Dec 11, 2024
    affected < 131.0.6778.139-r0fixed 131.0.6778.139-r0

    Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-12381Dec 11, 2024
    affected < 131.0.6778.139-r0fixed 131.0.6778.139-r0

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-12053Dec 3, 2024
    affected < 131.0.6778.108-r0fixed 131.0.6778.108-r0

    Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Page 59 of 69