CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5067 – Debian Security Advisory 5929-1
https://notcve.org/view.php?id=CVE-2025-5067
27 May 2025 — Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.55-3~deb12u1. • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5283 – libvpx: Double-free in libvpx encoder
https://notcve.org/view.php?id=CVE-2025-5283
27 May 2025 — Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) A flaw was found in libvpx. A double-free issue can occur in `vpx_codec_enc_init_multi` after a failed allocation when initializing the encoder for WebRTC. This can cause memory corruption and an exploitable crash. An update for libvpx is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update S... • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5281 – Debian Security Advisory 5929-1
https://notcve.org/view.php?id=CVE-2025-5281
27 May 2025 — Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.55-3~deb12u1. • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5066 – Debian Security Advisory 5929-1
https://notcve.org/view.php?id=CVE-2025-5066
27 May 2025 — Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.55-3~deb12u1. • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5065 – Debian Security Advisory 5929-1
https://notcve.org/view.php?id=CVE-2025-5065
27 May 2025 — Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.55-3~deb12u1. • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5064 – Debian Security Advisory 5929-1
https://notcve.org/view.php?id=CVE-2025-5064
27 May 2025 — Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.55-3~deb12u1. • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5280 – Debian Security Advisory 5929-1
https://notcve.org/view.php?id=CVE-2025-5280
27 May 2025 — Out of bounds write in V8 in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.55-3~deb12u1. • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5063 – Debian Security Advisory 5929-1
https://notcve.org/view.php?id=CVE-2025-5063
27 May 2025 — Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the stable distribution (bookworm), these problems have been fixed in version 137.0.7151.55-3~deb12u1. • https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_27.html • CWE-416: Use After Free •