CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-14765 – openSUSE Security Advisory - openSUSE-SU-2025:0476-1
https://notcve.org/view.php?id=CVE-2025-14765
16 Dec 2025 — Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 143.0.7499.169-1~deb12u1. For the stable distribution (trixie), these problems have been fi... • https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_16.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2025-13223 – Google Chromium V8 Type Confusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-13223
17 Nov 2025 — Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. Google is aware that an exploit for CVE-2025-13223 exists in the wild. Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption. • https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12445 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12445
28 Oct 2025 — Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low) Policy bypass in Extensions. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12446 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12446
28 Oct 2025 — Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low) Incorrect security UI in SplitView. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-12435 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12435
28 Oct 2025 — Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Incorrect security UI in Omnibox. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable distribution ... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-285: Improper Authorization CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2025-12439 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12439
28 Oct 2025 — Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium) Inappropriate implementation in App-Bound Encryption. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems hav... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12429 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12429
28 Oct 2025 — Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Inappropriate implementation in V8. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable distribution ... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12432 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12432
28 Oct 2025 — Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Race in V8. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable distribution (trixie), these problems have been fixed ... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12444 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12444
28 Oct 2025 — Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Incorrect security UI in Fullscreen UI. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version ... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-306: Missing Authentication for Critical Function •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12431 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12431
28 Oct 2025 — Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High) Inappropriate implementation in Extensions. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have be... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •