rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-2137 | — | < 134.0.6998.88-1.1 | 134.0.6998.88-1.1 | Mar 10, 2025 | Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-2136 | — | < 134.0.6998.88-1.1 | 134.0.6998.88-1.1 | Mar 10, 2025 | Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-2135 | — | < 134.0.6998.88-1.1 | 134.0.6998.88-1.1 | Mar 10, 2025 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-1920 | — | < 134.0.6998.88-1.1 | 134.0.6998.88-1.1 | Mar 10, 2025 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-1923 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2025-1922 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2025-1921 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1919 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1918 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium) | ||
| CVE-2025-1917 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1916 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-1915 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium securi | ||
| CVE-2025-1914 | — | < 134.0.6998.35-1.1 | 134.0.6998.35-1.1 | Mar 5, 2025 | Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-1006 | — | < 133.0.6943.126-1.1 | 133.0.6943.126-1.1 | Feb 19, 2025 | Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium) | ||
| CVE-2025-1426 | — | < 133.0.6943.126-1.1 | 133.0.6943.126-1.1 | Feb 19, 2025 | Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0999 | — | < 133.0.6943.126-1.1 | 133.0.6943.126-1.1 | Feb 19, 2025 | Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0997 | — | < 133.0.6943.98-2.1 | 133.0.6943.98-2.1 | Feb 15, 2025 | Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||
| CVE-2025-0996 | — | < 133.0.6943.98-2.1 | 133.0.6943.98-2.1 | Feb 15, 2025 | Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0995 | — | < 133.0.6943.98-2.1 | 133.0.6943.98-2.1 | Feb 15, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0451 | — | < 133.0.6943.53-1.1 | 133.0.6943.53-1.1 | Feb 4, 2025 | Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) |
- CVE-2025-2137Mar 10, 2025affected < 134.0.6998.88-1.1fixed 134.0.6998.88-1.1
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-2136Mar 10, 2025affected < 134.0.6998.88-1.1fixed 134.0.6998.88-1.1
Use after free in Inspector in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-2135Mar 10, 2025affected < 134.0.6998.88-1.1fixed 134.0.6998.88-1.1
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-1920Mar 10, 2025affected < 134.0.6998.88-1.1fixed 134.0.6998.88-1.1
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-1923Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
- CVE-2025-1922Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-1921Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1919Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1918Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)
- CVE-2025-1917Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1916Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-1915Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium securi
- CVE-2025-1914Mar 5, 2025affected < 134.0.6998.35-1.1fixed 134.0.6998.35-1.1
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-1006Feb 19, 2025affected < 133.0.6943.126-1.1fixed 133.0.6943.126-1.1
Use after free in Network in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted web app. (Chromium security severity: Medium)
- CVE-2025-1426Feb 19, 2025affected < 133.0.6943.126-1.1fixed 133.0.6943.126-1.1
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0999Feb 19, 2025affected < 133.0.6943.126-1.1fixed 133.0.6943.126-1.1
Heap buffer overflow in V8 in Google Chrome prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0997Feb 15, 2025affected < 133.0.6943.98-2.1fixed 133.0.6943.98-2.1
Use after free in Navigation in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
- CVE-2025-0996Feb 15, 2025affected < 133.0.6943.98-2.1fixed 133.0.6943.98-2.1
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 133.0.6943.98 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0995Feb 15, 2025affected < 133.0.6943.98-2.1fixed 133.0.6943.98-2.1
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0451Feb 4, 2025affected < 133.0.6943.53-1.1fixed 133.0.6943.53-1.1
Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
Page 67 of 203