VYPR

apk package

wolfi/chromium

pkg:apk/wolfi/chromium

Vulnerabilities (1,378)

  • CVE-2024-3832Apr 17, 2024
    affected < 124.0.6367.60-r0fixed 124.0.6367.60-r0

    Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3515Apr 10, 2024
    affected < 123.0.6312.122-r0fixed 123.0.6312.122-r0

    Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3516Apr 10, 2024
    affected < 123.0.6312.122-r0fixed 123.0.6312.122-r0

    Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3157Apr 10, 2024
    affected < 123.0.6312.122-r0fixed 123.0.6312.122-r0

    Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)

  • CVE-2024-3159Apr 6, 2024
    affected < 123.0.6312.105-r0fixed 123.0.6312.105-r0

    Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3158Apr 6, 2024
    affected < 123.0.6312.105-r0fixed 123.0.6312.105-r0

    Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-3156Apr 6, 2024
    affected < 123.0.6312.105-r0fixed 123.0.6312.105-r0

    Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2887Mar 26, 2024
    affected < 123.0.6312.86-r0fixed 123.0.6312.86-r0

    Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2886Mar 26, 2024
    affected < 123.0.6312.86-r0fixed 123.0.6312.86-r0

    Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2631Mar 20, 2024
    affected < 123.0.6312.58-r0fixed 123.0.6312.58-r0

    Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-2629Mar 20, 2024
    affected < 123.0.6312.58-r0fixed 123.0.6312.58-r0

    Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-2628Mar 20, 2024
    affected < 123.0.6312.58-r0fixed 123.0.6312.58-r0

    Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)

  • CVE-2024-2627Mar 20, 2024
    affected < 123.0.6312.58-r0fixed 123.0.6312.58-r0

    Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-2626Mar 20, 2024
    affected < 123.0.6312.58-r0fixed 123.0.6312.58-r0

    Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-2625Mar 20, 2024
    affected < 123.0.6312.58-r0fixed 123.0.6312.58-r0

    Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2400Mar 13, 2024
    affected < 122.0.6261.128-r0fixed 122.0.6261.128-r0

    Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2176Mar 6, 2024
    affected < 122.0.6261.128-r0fixed 122.0.6261.128-r0

    Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2174Mar 6, 2024
    affected < 122.0.6261.128-r0fixed 122.0.6261.128-r0

    Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-2173Mar 6, 2024
    affected < 122.0.6261.128-r0fixed 122.0.6261.128-r0

    Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-1938Feb 29, 2024
    affected < 122.0.6261.94-r0fixed 122.0.6261.94-r0

    Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Page 68 of 69