apk package
wolfi/chromium
pkg:apk/wolfi/chromium
Vulnerabilities (1,378)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3066 | — | < 135.0.7049.52-r0 | 135.0.7049.52-r0 | Apr 2, 2025 | Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-2783 | — | KEV | < 0 | 0 | Mar 26, 2025 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) | |
| CVE-2025-2136 | — | < 134.0.6998.88-r0 | 134.0.6998.88-r0 | Mar 10, 2025 | Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-2135 | — | < 134.0.6998.88-r0 | 134.0.6998.88-r0 | Mar 10, 2025 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-1918 | — | < 134.0.6998.35-r0 | 134.0.6998.35-r0 | Mar 5, 2025 | Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium) | ||
| CVE-2025-1917 | — | < 134.0.6998.35-r0 | 134.0.6998.35-r0 | Mar 5, 2025 | Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1916 | — | < 134.0.6998.35-r0 | 134.0.6998.35-r0 | Mar 5, 2025 | Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1915 | — | < 134.0.6998.35-r0 | 134.0.6998.35-r0 | Mar 5, 2025 | Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium securi | ||
| CVE-2025-1914 | — | < 134.0.6998.35-r0 | 134.0.6998.35-r0 | Mar 5, 2025 | Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-1006 | — | < 133.0.6943.126-r0 | 133.0.6943.126-r0 | Feb 19, 2025 | Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium) | ||
| CVE-2025-0999 | — | < 133.0.6943.126-r0 | 133.0.6943.126-r0 | Feb 19, 2025 | Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0997 | — | < 133.0.6943.98-r0 | 133.0.6943.98-r0 | Feb 15, 2025 | Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2025-0995 | — | < 133.0.6943.98-r0 | 133.0.6943.98-r0 | Feb 15, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0451 | — | < 133.0.6943.53-r0 | 133.0.6943.53-r0 | Feb 4, 2025 | Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2025-0445 | — | < 133.0.6943.53-r0 | 133.0.6943.53-r0 | Feb 4, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0444 | — | < 133.0.6943.53-r0 | 133.0.6943.53-r0 | Feb 4, 2025 | Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0762 | — | < 132.0.6834.159-r0 | 132.0.6834.159-r0 | Jan 29, 2025 | Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2025-0612 | — | < 132.0.6834.153-r0 | 132.0.6834.153-r0 | Jan 22, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0611 | — | < 132.0.6834.153-r0 | 132.0.6834.153-r0 | Jan 22, 2025 | Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0448 | — | < 132.0.6834.83-r0 | 132.0.6834.83-r0 | Jan 15, 2025 | Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
- CVE-2025-3066Apr 2, 2025affected < 135.0.7049.52-r0fixed 135.0.7049.52-r0
Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 0fixed 0
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
- CVE-2025-2136Mar 10, 2025affected < 134.0.6998.88-r0fixed 134.0.6998.88-r0
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-2135Mar 10, 2025affected < 134.0.6998.88-r0fixed 134.0.6998.88-r0
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-1918Mar 5, 2025affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0
Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)
- CVE-2025-1917Mar 5, 2025affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1916Mar 5, 2025affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0
Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1915Mar 5, 2025affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium securi
- CVE-2025-1914Mar 5, 2025affected < 134.0.6998.35-r0fixed 134.0.6998.35-r0
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-1006Feb 19, 2025affected < 133.0.6943.126-r0fixed 133.0.6943.126-r0
Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)
- CVE-2025-0999Feb 19, 2025affected < 133.0.6943.126-r0fixed 133.0.6943.126-r0
Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0997Feb 15, 2025affected < 133.0.6943.98-r0fixed 133.0.6943.98-r0
Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2025-0995Feb 15, 2025affected < 133.0.6943.98-r0fixed 133.0.6943.98-r0
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0451Feb 4, 2025affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
- CVE-2025-0445Feb 4, 2025affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0444Feb 4, 2025affected < 133.0.6943.53-r0fixed 133.0.6943.53-r0
Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0762Jan 29, 2025affected < 132.0.6834.159-r0fixed 132.0.6834.159-r0
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
- CVE-2025-0612Jan 22, 2025affected < 132.0.6834.153-r0fixed 132.0.6834.153-r0
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0611Jan 22, 2025affected < 132.0.6834.153-r0fixed 132.0.6834.153-r0
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0448Jan 15, 2025affected < 132.0.6834.83-r0fixed 132.0.6834.83-r0
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Page 58 of 69