VYPR

apk package

wolfi/chromium

pkg:apk/wolfi/chromium

Vulnerabilities (1,378)

  • CVE-2025-3066Apr 2, 2025
    affected < 135.0.7049.52-r0fixed 135.0.7049.52-r0

    Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-2783KEVMar 26, 2025
    affected < 0fixed 0

    Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

  • CVE-2025-2136Mar 10, 2025
    affected < 134.0.6998.88-r0fixed 134.0.6998.88-r0

    Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-2135Mar 10, 2025
    affected < 134.0.6998.88-r0fixed 134.0.6998.88-r0

    Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-1918Mar 5, 2025
    affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0

    Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)

  • CVE-2025-1917Mar 5, 2025
    affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0

    Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1916Mar 5, 2025
    affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0

    Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1915Mar 5, 2025
    affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0

    Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium securi

  • CVE-2025-1914Mar 5, 2025
    affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0

    Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-1006Feb 19, 2025
    affected < 133.0.6943.126-r0fixed 133.0.6943.126-r0

    Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)

  • CVE-2025-0999Feb 19, 2025
    affected < 133.0.6943.126-r0fixed 133.0.6943.126-r0

    Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0997Feb 15, 2025
    affected < 133.0.6943.98-r0fixed 133.0.6943.98-r0

    Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2025-0995Feb 15, 2025
    affected < 133.0.6943.98-r0fixed 133.0.6943.98-r0

    Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0451Feb 4, 2025
    affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0

    Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2025-0445Feb 4, 2025
    affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0

    Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0444Feb 4, 2025
    affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0

    Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0762Jan 29, 2025
    affected < 132.0.6834.159-r0fixed 132.0.6834.159-r0

    Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2025-0612Jan 22, 2025
    affected < 132.0.6834.153-r0fixed 132.0.6834.153-r0

    Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0611Jan 22, 2025
    affected < 132.0.6834.153-r0fixed 132.0.6834.153-r0

    Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0448Jan 15, 2025
    affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0

    Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Page 58 of 69