rpm package
opensuse/nodejs-electron&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/nodejs-electron&distro=openSUSE%20Tumbleweed
Vulnerabilities (125)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-4609 | Cri | 9.6 | < 35.5.0-1.1 | 35.5.0-1.1 | Aug 22, 2025 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |
| CVE-2025-5419 | Hig | 8.8 | KEV | < 35.6.0-1.2 | 35.6.0-1.2 | Jun 3, 2025 | Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2025-1920 | Hig | 8.8 | < 33.4.6-1.1 | 33.4.6-1.1 | Mar 10, 2025 | Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0995 | Hig | 8.8 | < 33.4.4-1.1 | 33.4.4-1.1 | Feb 15, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0445 | Med | 5.4 | < 33.4.4-1.1 | 33.4.4-1.1 | Feb 4, 2025 | Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0611 | Hig | 8.2 | < 33.4.2-1.1 | 33.4.2-1.1 | Jan 22, 2025 | Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0434 | Hig | 8.8 | < 33.3.2-1.1 | 33.3.2-1.1 | Jan 15, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-7025 | Hig | 8.8 | < 31.7.2-1.1 | 31.7.2-1.1 | Nov 27, 2024 | Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-10827 | Hig | 8.8 | < 31.7.5-1.1 | 31.7.5-1.1 | Nov 6, 2024 | Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-10231 | Hig | 8.8 | < 31.7.4-1.1 | 31.7.4-1.1 | Oct 22, 2024 | Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-9602 | Hig | 8.8 | < 31.7.1-1.1 | 31.7.1-1.1 | Oct 8, 2024 | Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-9123 | Hig | 8.8 | < 31.7.2-1.1 | 31.7.2-1.1 | Sep 25, 2024 | Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-9121 | Hig | 8.8 | < 31.7.2-1.1 | 31.7.2-1.1 | Sep 25, 2024 | Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-8636 | Hig | 8.8 | < 31.7.2-1.1 | 31.7.2-1.1 | Sep 11, 2024 | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2023-39333 | Med | 5.3 | < 25.9.1-2.1 | 25.9.1-2.1 | Sep 7, 2024 | Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. | |
| CVE-2024-8362 | Hig | 8.8 | < 31.7.2-1.1 | 31.7.2-1.1 | Sep 3, 2024 | Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-8198 | Hig | 8.8 | < 31.7.2-1.1 | 31.7.2-1.1 | Aug 28, 2024 | Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-7965 | Hig | 8.8 | KEV | < 31.7.2-1.1 | 31.7.2-1.1 | Aug 21, 2024 | Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
| CVE-2024-6989 | Hig | 8.8 | < 30.4.0-1.1 | 30.4.0-1.1 | Aug 6, 2024 | Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-6776 | Hig | 8.8 | < 30.4.0-1.1 | 30.4.0-1.1 | Jul 16, 2024 | Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
- affected < 35.5.0-1.1fixed 35.5.0-1.1
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
- affected < 35.6.0-1.2fixed 35.6.0-1.2
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 33.4.6-1.1fixed 33.4.6-1.1
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 33.4.4-1.1fixed 33.4.4-1.1
Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 33.4.4-1.1fixed 33.4.4-1.1
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 33.4.2-1.1fixed 33.4.2-1.1
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 33.3.2-1.1fixed 33.3.2-1.1
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.2-1.1fixed 31.7.2-1.1
Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.5-1.1fixed 31.7.5-1.1
Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.4-1.1fixed 31.7.4-1.1
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.1-1.1fixed 31.7.1-1.1
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.2-1.1fixed 31.7.2-1.1
Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.2-1.1fixed 31.7.2-1.1
Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.2-1.1fixed 31.7.2-1.1
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 25.9.1-2.1fixed 25.9.1-2.1
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.
- affected < 31.7.2-1.1fixed 31.7.2-1.1
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.2-1.1fixed 31.7.2-1.1
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 31.7.2-1.1fixed 31.7.2-1.1
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 30.4.0-1.1fixed 30.4.0-1.1
Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 30.4.0-1.1fixed 30.4.0-1.1
Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Page 1 of 7