VYPR

rpm package

suse/chromium&distro=SUSE Package Hub 15 SP6

pkg:rpm/suse/chromium&distro=SUSE%20Package%20Hub%2015%20SP6

Vulnerabilities (196)

  • CVE-2024-7003MedAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2024-7001MedAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-7000HigAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6999MedAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6998HigAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6997HigAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6996LowAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6995MedAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medi

  • CVE-2024-6994HigAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2024-6991HigAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6989HigAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6988HigAug 6, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-7256HigAug 1, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-7255HigAug 1, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6990HigAug 1, 2024
    affected < 127.0.6533.119-bp156.2.14.1fixed 127.0.6533.119-bp156.2.14.1

    Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2024-6779CriJul 16, 2024
    affected < 126.0.6478.182-bp156.2.11.1fixed 126.0.6478.182-bp156.2.11.1

    Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6778HigJul 16, 2024
    affected < 126.0.6478.182-bp156.2.11.1fixed 126.0.6478.182-bp156.2.11.1

    Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-6777MedJul 16, 2024
    affected < 126.0.6478.182-bp156.2.11.1fixed 126.0.6478.182-bp156.2.11.1

    Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2024-6776HigJul 16, 2024
    affected < 126.0.6478.182-bp156.2.11.1fixed 126.0.6478.182-bp156.2.11.1

    Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2024-6775HigJul 16, 2024
    affected < 126.0.6478.182-bp156.2.11.1fixed 126.0.6478.182-bp156.2.11.1

    Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Page 8 of 10