apk package
wolfi/chromium-qt
pkg:apk/wolfi/chromium-qt
Vulnerabilities (215)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-2783 | — | KEV | < 0 | 0 | Mar 26, 2025 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) | |
| CVE-2025-0451 | — | < 133.0.6943.53-r0 | 133.0.6943.53-r0 | Feb 4, 2025 | Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2025-0445 | — | < 133.0.6943.53-r0 | 133.0.6943.53-r0 | Feb 4, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0444 | — | < 133.0.6943.53-r0 | 133.0.6943.53-r0 | Feb 4, 2025 | Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0762 | — | < 132.0.6834.159-r0 | 132.0.6834.159-r0 | Jan 29, 2025 | Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2025-0612 | — | < 132.0.6834.153-r0 | 132.0.6834.153-r0 | Jan 22, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0611 | — | < 132.0.6834.153-r0 | 132.0.6834.153-r0 | Jan 22, 2025 | Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0448 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2025-0447 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2025-0446 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2025-0443 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0442 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0441 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0440 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0439 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0438 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0437 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0436 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0435 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0434 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- affected < 0fixed 0
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
- CVE-2025-0451Feb 4, 2025affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
- CVE-2025-0445Feb 4, 2025affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0444Feb 4, 2025affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0
Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0762Jan 29, 2025affected < 132.0.6834.159-r0fixed 132.0.6834.159-r0
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
- CVE-2025-0612Jan 22, 2025affected < 132.0.6834.153-r0fixed 132.0.6834.153-r0
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0611Jan 22, 2025affected < 132.0.6834.153-r0fixed 132.0.6834.153-r0
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0448Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-0447Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-0446Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
- CVE-2025-0443Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0442Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0441Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0440Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0439Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0438Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0437Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0436Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0435Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0434Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 3 of 11