rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-3422 | — | < 114.0.5735.198-1.1 | 114.0.5735.198-1.1 | Jun 26, 2023 | Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3421 | — | < 114.0.5735.198-1.1 | 114.0.5735.198-1.1 | Jun 26, 2023 | Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3420 | — | < 114.0.5735.198-1.1 | 114.0.5735.198-1.1 | Jun 26, 2023 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3217 | — | < 114.0.5735.133-1.1 | 114.0.5735.133-1.1 | Jun 13, 2023 | Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3216 | — | < 114.0.5735.133-1.1 | 114.0.5735.133-1.1 | Jun 13, 2023 | Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3215 | — | < 114.0.5735.133-1.1 | 114.0.5735.133-1.1 | Jun 13, 2023 | Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-3214 | — | < 114.0.5735.133-1.1 | 114.0.5735.133-1.1 | Jun 13, 2023 | Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||
| CVE-2023-3079 | — | KEV | < 114.0.5735.106-1.1 | 114.0.5735.106-1.1 | Jun 5, 2023 | Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2023-2941 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low) | ||
| CVE-2023-2940 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2939 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) | ||
| CVE-2023-2938 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2937 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||
| CVE-2023-2936 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2935 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2934 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||
| CVE-2023-2933 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2023-2932 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2023-2931 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | ||
| CVE-2023-2930 | — | < 114.0.5735.90-1.1 | 114.0.5735.90-1.1 | May 30, 2023 | Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- CVE-2023-3422Jun 26, 2023affected < 114.0.5735.198-1.1fixed 114.0.5735.198-1.1
Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3421Jun 26, 2023affected < 114.0.5735.198-1.1fixed 114.0.5735.198-1.1
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3420Jun 26, 2023affected < 114.0.5735.198-1.1fixed 114.0.5735.198-1.1
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3217Jun 13, 2023affected < 114.0.5735.133-1.1fixed 114.0.5735.133-1.1
Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3216Jun 13, 2023affected < 114.0.5735.133-1.1fixed 114.0.5735.133-1.1
Type confusion in V8 in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3215Jun 13, 2023affected < 114.0.5735.133-1.1fixed 114.0.5735.133-1.1
Use after free in WebRTC in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-3214Jun 13, 2023affected < 114.0.5735.133-1.1fixed 114.0.5735.133-1.1
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
- affected < 114.0.5735.106-1.1fixed 114.0.5735.106-1.1
Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2941May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a crafted Chrome Extension. (Chromium security severity: Low)
- CVE-2023-2940May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2939May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
- CVE-2023-2938May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2937May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
- CVE-2023-2936May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2935May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2934May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- CVE-2023-2933May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-2932May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-2931May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
- CVE-2023-2930May 30, 2023affected < 114.0.5735.90-1.1fixed 114.0.5735.90-1.1
Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 86 of 203