VYPR

rpm package

opensuse/chromium&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed

Vulnerabilities (4,053)

  • CVE-2025-2137Mar 10, 2025
    affected < 134.0.6998.88-1.1fixed 134.0.6998.88-1.1

    Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-2136Mar 10, 2025
    affected < 134.0.6998.88-1.1fixed 134.0.6998.88-1.1

    Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-2135Mar 10, 2025
    affected < 134.0.6998.88-1.1fixed 134.0.6998.88-1.1

    Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-1920Mar 10, 2025
    affected < 134.0.6998.88-1.1fixed 134.0.6998.88-1.1

    Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-1923Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2025-1922Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2025-1921Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1919Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1918Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)

  • CVE-2025-1917Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1916Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-1915Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium securi

  • CVE-2025-1914Mar 5, 2025
    affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1

    Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-1006Feb 19, 2025
    affected < 133.0.6943.126-1.1fixed 133.0.6943.126-1.1

    Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)

  • CVE-2025-1426Feb 19, 2025
    affected < 133.0.6943.126-1.1fixed 133.0.6943.126-1.1

    Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0999Feb 19, 2025
    affected < 133.0.6943.126-1.1fixed 133.0.6943.126-1.1

    Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0997Feb 15, 2025
    affected < 133.0.6943.98-2.1fixed 133.0.6943.98-2.1

    Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2025-0996Feb 15, 2025
    affected < 133.0.6943.98-2.1fixed 133.0.6943.98-2.1

    Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0995Feb 15, 2025
    affected < 133.0.6943.98-2.1fixed 133.0.6943.98-2.1

    Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0451Feb 4, 2025
    affected < 133.0.6943.53-1.1fixed 133.0.6943.53-1.1

    Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)

Page 67 of 203