VYPR

rpm package

opensuse/nodejs-electron&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/nodejs-electron&distro=openSUSE%20Tumbleweed

Vulnerabilities (125)

  • CVE-2025-4609Aug 22, 2025
    affected < 35.5.0-1.1fixed 35.5.0-1.1

    Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

  • CVE-2025-5419KEVJun 2, 2025
    affected < 35.6.0-1.2fixed 35.6.0-1.2

    Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-1920Mar 10, 2025
    affected < 33.4.6-1.1fixed 33.4.6-1.1

    Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0995Feb 15, 2025
    affected < 33.4.4-1.1fixed 33.4.4-1.1

    Use after free in V8 in Google Chrome prior to 133.0.6943.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0445Feb 4, 2025
    affected < 33.4.4-1.1fixed 33.4.4-1.1

    Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0611Jan 22, 2025
    affected < 33.4.2-1.1fixed 33.4.2-1.1

    Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2025-0434Jan 15, 2025
    affected < 33.3.2-1.1fixed 33.3.2-1.1

    Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-7025Nov 27, 2024
    affected < 31.7.2-1.1fixed 31.7.2-1.1

    Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-10827Nov 6, 2024
    affected < 31.7.5-1.1fixed 31.7.5-1.1

    Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-10231Oct 22, 2024
    affected < 31.7.4-1.1fixed 31.7.4-1.1

    Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-9602Oct 8, 2024
    affected < 31.7.1-1.1fixed 31.7.1-1.1

    Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-9123Sep 24, 2024
    affected < 31.7.2-1.1fixed 31.7.2-1.1

    Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-9121Sep 24, 2024
    affected < 31.7.2-1.1fixed 31.7.2-1.1

    Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-8636Sep 11, 2024
    affected < 31.7.2-1.1fixed 31.7.2-1.1

    Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2023-39333MedSep 7, 2024
    affected < 25.9.1-2.1fixed 25.9.1-2.1

    Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module.

  • CVE-2024-8362Sep 3, 2024
    affected < 31.7.2-1.1fixed 31.7.2-1.1

    Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-8198Aug 28, 2024
    affected < 31.7.2-1.1fixed 31.7.2-1.1

    Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-7965KEVAug 21, 2024
    affected < 31.7.2-1.1fixed 31.7.2-1.1

    Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6989Aug 6, 2024
    affected < 30.4.0-1.1fixed 30.4.0-1.1

    Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6776Jul 16, 2024
    affected < 30.4.0-1.1fixed 30.4.0-1.1

    Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Page 1 of 7