rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-0445 | — | < 133.0.6943.53-1.1 | 133.0.6943.53-1.1 | Feb 4, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0444 | — | < 133.0.6943.53-1.1 | 133.0.6943.53-1.1 | Feb 4, 2025 | Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0762 | — | < 132.0.6834.159-1.1 | 132.0.6834.159-1.1 | Jan 29, 2025 | Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) | ||
| CVE-2025-0612 | — | < 132.0.6834.110-1.1 | 132.0.6834.110-1.1 | Jan 22, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0611 | — | < 132.0.6834.110-1.1 | 132.0.6834.110-1.1 | Jan 22, 2025 | Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0448 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2025-0447 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | ||
| CVE-2025-0446 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2025-0443 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0442 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0441 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0440 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0439 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2025-0438 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0437 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0436 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0435 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0434 | — | < 132.0.6834.83-1.1 | 132.0.6834.83-1.1 | Jan 15, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2025-0291 | — | < 131.0.6778.264-1.1 | 131.0.6778.264-1.1 | Jan 8, 2025 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2024-12695 | — | < 131.0.6778.204-1.1 | 131.0.6778.204-1.1 | Dec 18, 2024 | Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
- CVE-2025-0445Feb 4, 2025affected < 133.0.6943.53-1.1fixed 133.0.6943.53-1.1
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0444Feb 4, 2025affected < 133.0.6943.53-1.1fixed 133.0.6943.53-1.1
Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0762Jan 29, 2025affected < 132.0.6834.159-1.1fixed 132.0.6834.159-1.1
Use after free in DevTools in Google Chrome prior to 132.0.6834.159 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
- CVE-2025-0612Jan 22, 2025affected < 132.0.6834.110-1.1fixed 132.0.6834.110-1.1
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0611Jan 22, 2025affected < 132.0.6834.110-1.1fixed 132.0.6834.110-1.1
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0448Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-0447Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
- CVE-2025-0446Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
- CVE-2025-0443Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0442Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0441Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0440Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0439Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2025-0438Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0437Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0436Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0435Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0434Jan 15, 2025affected < 132.0.6834.83-1.1fixed 132.0.6834.83-1.1
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2025-0291Jan 8, 2025affected < 131.0.6778.264-1.1fixed 131.0.6778.264-1.1
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- CVE-2024-12695Dec 18, 2024affected < 131.0.6778.204-1.1fixed 131.0.6778.204-1.1
Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Page 68 of 203