apk package
wolfi/chromium
pkg:apk/wolfi/chromium
Vulnerabilities (1,378)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8639 | — | < 128.0.6613.137-r0 | 128.0.6613.137-r0 | Sep 11, 2024 | Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8638 | — | < 128.0.6613.137-r0 | 128.0.6613.137-r0 | Sep 11, 2024 | Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8637 | — | < 128.0.6613.137-r0 | 128.0.6613.137-r0 | Sep 11, 2024 | Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8636 | — | < 128.0.6613.137-r0 | 128.0.6613.137-r0 | Sep 11, 2024 | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-7970 | — | < 128.0.6613.119-r0 | 128.0.6613.119-r0 | Sep 3, 2024 | Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8362 | — | < 128.0.6613.119-r0 | 128.0.6613.119-r0 | Sep 3, 2024 | Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8198 | — | < 128.0.6613.119-r0 | 128.0.6613.119-r0 | Aug 28, 2024 | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8194 | — | < 128.0.6613.119-r0 | 128.0.6613.119-r0 | Aug 28, 2024 | Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8193 | — | < 128.0.6613.119-r0 | 128.0.6613.119-r0 | Aug 28, 2024 | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-8035 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2024-8034 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2024-8033 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2024-7981 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2024-7980 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | ||
| CVE-2024-7979 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) | ||
| CVE-2024-7978 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-7977 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | ||
| CVE-2024-7976 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-7975 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2024-7974 | — | < 128.0.6613.84-r0 | 128.0.6613.84-r0 | Aug 21, 2024 | Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) |
- CVE-2024-8639Sep 11, 2024affected < 128.0.6613.137-r0fixed 128.0.6613.137-r0
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8638Sep 11, 2024affected < 128.0.6613.137-r0fixed 128.0.6613.137-r0
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8637Sep 11, 2024affected < 128.0.6613.137-r0fixed 128.0.6613.137-r0
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8636Sep 11, 2024affected < 128.0.6613.137-r0fixed 128.0.6613.137-r0
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-7970Sep 3, 2024affected < 128.0.6613.119-r0fixed 128.0.6613.119-r0
Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8362Sep 3, 2024affected < 128.0.6613.119-r0fixed 128.0.6613.119-r0
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8198Aug 28, 2024affected < 128.0.6613.119-r0fixed 128.0.6613.119-r0
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8194Aug 28, 2024affected < 128.0.6613.119-r0fixed 128.0.6613.119-r0
Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8193Aug 28, 2024affected < 128.0.6613.119-r0fixed 128.0.6613.119-r0
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-8035Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-8034Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-8033Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-7981Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2024-7980Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
- CVE-2024-7979Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
- CVE-2024-7978Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-7977Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
- CVE-2024-7976Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-7975Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2024-7974Aug 21, 2024affected < 128.0.6613.84-r0fixed 128.0.6613.84-r0
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Page 62 of 69