rpm package
suse/chromium&distro=SUSE Package Hub 15 SP6
pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP6
Vulnerabilities (196)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-0612 | Hig | 7.5 | < 132.0.6834.110-bp156.2.72.1 | 132.0.6834.110-bp156.2.72.1 | Jan 22, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0611 | Hig | 8.2 | < 132.0.6834.110-bp156.2.72.1 | 132.0.6834.110-bp156.2.72.1 | Jan 22, 2025 | Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0448 | Med | 4.3 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2025-0447 | Hig | 8.8 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | |
| CVE-2025-0446 | Med | 4.3 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | |
| CVE-2025-0443 | Hig | 8.8 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2025-0442 | Med | 6.5 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2025-0441 | Med | 6.5 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2025-0440 | Med | 6.5 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2025-0439 | Med | 6.5 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2025-0438 | Hig | 8.8 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0437 | Hig | 8.8 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0436 | Hig | 8.8 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0435 | Med | 6.5 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2025-0434 | Hig | 8.8 | < 132.0.6834.83-bp156.2.69.1 | 132.0.6834.83-bp156.2.69.1 | Jan 15, 2025 | Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-12695 | Hig | 8.8 | < 131.0.6778.204-bp156.2.65.1 | 131.0.6778.204-bp156.2.65.1 | Dec 18, 2024 | Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-12694 | Hig | 8.8 | < 131.0.6778.204-bp156.2.65.1 | 131.0.6778.204-bp156.2.65.1 | Dec 18, 2024 | Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-12693 | Hig | 8.8 | < 131.0.6778.204-bp156.2.65.1 | 131.0.6778.204-bp156.2.65.1 | Dec 18, 2024 | Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-12692 | Hig | 8.8 | < 131.0.6778.204-bp156.2.65.1 | 131.0.6778.204-bp156.2.65.1 | Dec 18, 2024 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2024-12053 | Hig | 8.8 | < 131.0.6778.108-bp156.2.59.1 | 131.0.6778.108-bp156.2.59.1 | Dec 3, 2024 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) |
- affected < 132.0.6834.110-bp156.2.72.1fixed 132.0.6834.110-bp156.2.72.1
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 132.0.6834.110-bp156.2.72.1fixed 132.0.6834.110-bp156.2.72.1
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
- affected < 132.0.6834.83-bp156.2.69.1fixed 132.0.6834.83-bp156.2.69.1
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 131.0.6778.204-bp156.2.65.1fixed 131.0.6778.204-bp156.2.65.1
Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- affected < 131.0.6778.204-bp156.2.65.1fixed 131.0.6778.204-bp156.2.65.1
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 131.0.6778.204-bp156.2.65.1fixed 131.0.6778.204-bp156.2.65.1
Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
- affected < 131.0.6778.204-bp156.2.65.1fixed 131.0.6778.204-bp156.2.65.1
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
- affected < 131.0.6778.108-bp156.2.59.1fixed 131.0.6778.108-bp156.2.59.1
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Page 3 of 10