rpm package
opensuse/chromium&distro=openSUSE Leap 15.6
pkg:rpm/opensuse/chromium&distro=openSUSE%20Leap%2015.6
Vulnerabilities (196)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-1920 | — | < 134.0.6998.88-bp156.2.93.1 | 134.0.6998.88-bp156.2.93.1 | Mar 10, 2025 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-1923 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2025-1922 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2025-1921 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1919 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1918 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium) | ||
| CVE-2025-1917 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1916 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1915 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium securi | ||
| CVE-2025-1914 | — | < 134.0.6998.35-bp156.2.90.1 | 134.0.6998.35-bp156.2.90.1 | Mar 5, 2025 | Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-1006 | — | < 133.0.6943.126-bp156.2.84.1 | 133.0.6943.126-bp156.2.84.1 | Feb 19, 2025 | Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium) | ||
| CVE-2025-1426 | — | < 133.0.6943.126-bp156.2.84.1 | 133.0.6943.126-bp156.2.84.1 | Feb 19, 2025 | Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0999 | — | < 133.0.6943.126-bp156.2.84.1 | 133.0.6943.126-bp156.2.84.1 | Feb 19, 2025 | Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0997 | — | < 133.0.6943.98-bp156.2.81.2 | 133.0.6943.98-bp156.2.81.2 | Feb 15, 2025 | Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2025-0996 | — | < 133.0.6943.98-bp156.2.81.2 | 133.0.6943.98-bp156.2.81.2 | Feb 15, 2025 | Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0995 | — | < 133.0.6943.98-bp156.2.81.2 | 133.0.6943.98-bp156.2.81.2 | Feb 15, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0451 | — | < 133.0.6943.53-bp156.2.78.1 | 133.0.6943.53-bp156.2.78.1 | Feb 4, 2025 | Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2025-0445 | — | < 133.0.6943.53-bp156.2.78.1 | 133.0.6943.53-bp156.2.78.1 | Feb 4, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0444 | — | < 133.0.6943.53-bp156.2.78.1 | 133.0.6943.53-bp156.2.78.1 | Feb 4, 2025 | Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0762 | — | < 132.0.6834.159-bp156.2.75.1 | 132.0.6834.159-bp156.2.75.1 | Jan 29, 2025 | Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) |
- CVE-2025-1920Mar 10, 2025affected < 134.0.6998.88-bp156.2.93.1fixed 134.0.6998.88-bp156.2.93.1
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-1923Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
- CVE-2025-1922Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-1921Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1919Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1918Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)
- CVE-2025-1917Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1916Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1915Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium securi
- CVE-2025-1914Mar 5, 2025affected < 134.0.6998.35-bp156.2.90.1fixed 134.0.6998.35-bp156.2.90.1
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-1006Feb 19, 2025affected < 133.0.6943.126-bp156.2.84.1fixed 133.0.6943.126-bp156.2.84.1
Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)
- CVE-2025-1426Feb 19, 2025affected < 133.0.6943.126-bp156.2.84.1fixed 133.0.6943.126-bp156.2.84.1
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0999Feb 19, 2025affected < 133.0.6943.126-bp156.2.84.1fixed 133.0.6943.126-bp156.2.84.1
Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0997Feb 15, 2025affected < 133.0.6943.98-bp156.2.81.2fixed 133.0.6943.98-bp156.2.81.2
Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2025-0996Feb 15, 2025affected < 133.0.6943.98-bp156.2.81.2fixed 133.0.6943.98-bp156.2.81.2
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0995Feb 15, 2025affected < 133.0.6943.98-bp156.2.81.2fixed 133.0.6943.98-bp156.2.81.2
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0451Feb 4, 2025affected < 133.0.6943.53-bp156.2.78.1fixed 133.0.6943.53-bp156.2.78.1
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
- CVE-2025-0445Feb 4, 2025affected < 133.0.6943.53-bp156.2.78.1fixed 133.0.6943.53-bp156.2.78.1
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0444Feb 4, 2025affected < 133.0.6943.53-bp156.2.78.1fixed 133.0.6943.53-bp156.2.78.1
Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0762Jan 29, 2025affected < 132.0.6834.159-bp156.2.75.1fixed 132.0.6834.159-bp156.2.75.1
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Page 2 of 10