CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8576 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8576
07 Aug 2025 — Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) Use after free en extensiones de Google Chrome anteriores a la versión 139.0.7258.66 permitía a un atacante remoto explotar la corrupción del montón mediante una extensión de Chrome manipulada. (Gravedad de seguridad de Chromium: Media) An update that fixes 9 vulnerabilities is now available. Chromium was up... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8577 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8577
07 Aug 2025 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Una implementación inadecuada de la interfaz de usuario en Google Chrome anterior a la versión 139.0.7258.66 permitía que un atacante remoto, tras convencer a un usuario para que realizara gestos específicos de la interfaz de usuario, realizara una suplan... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8578 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8578
07 Aug 2025 — Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Use after free en Cast en Google Chrome anterior a la versión 139.0.7258.66 permitía a un atacante remoto explotar la corrupción del montón mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Media) An update that fixes 9 vulnerabilities is now available. Chromium was updated to fix a missing error c... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8579 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8579
07 Aug 2025 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Una implementación inadecuada de la interfaz de usuario en Google Chrome anterior a la versión 139.0.7258.66 permitía que un atacante remoto, tras convencer a un usuario para que realizara gestos específicos de la interfaz de usuario, realizara una suplantac... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8580 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8580
07 Aug 2025 — Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Una implementación incorrecta en los sistemas de archivos de Google Chrome anterior a la versión 139.0.7258.66 permitía a un atacante remoto suplantar la interfaz de usuario mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Baja) An update that fixes 9 vulnerabilities is now available. Chromium w... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8581 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8581
07 Aug 2025 — Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) Una implementación incorrecta en las extensiones de Google Chrome anteriores a la versión 139.0.7258.66 permitía que un atacante remoto, al convencer a un usuario para que realizara gestos específicos de la interfaz de usuario, filtrara datos de origen cruzado me... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8582 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8582
07 Aug 2025 — Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) La validación insuficiente de entradas no confiables en el núcleo de Google Chrome anterior a la versión 139.0.7258.66 permitió que un atacante remoto falsificara el contenido del Omnibox (barra de URL) mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Baja) An upda... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8583 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8583
07 Aug 2025 — Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Una implementación incorrecta de los permisos en Google Chrome anterior a la versión 139.0.7258.66 permitía a un atacante remoto suplantar la interfaz de usuario mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Baja) An update that fixes 9 vulnerabilities is now available. Chromium was updated t... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8292 – openSUSE Security Advisory - openSUSE-SU-2025:15399-1
https://notcve.org/view.php?id=CVE-2025-8292
30 Jul 2025 — Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Media Stream en Google Chrome anterior a la versión 138.0.7204.183 permitía a un atacante remoto explotar la corrupción del montón mediante una página HTML manipulada. (Severidad de seguridad de Chromium: Alta) These are all security issues fixed in the chromedriver-138.0.7204.183-1.1 package on ... • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1920 – Debian Security Advisory 5877-1
https://notcve.org/view.php?id=CVE-2025-1920
28 Feb 2025 — Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Chromium 134.0.6998.88 Type Confusion in V8 Type Confusion in V8 Use after free in Inspector. Out of bounds read in V8. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_10.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •