CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1923 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1923
05 Mar 2025 — Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1922 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1922
05 Mar 2025 — Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1921 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1921
05 Mar 2025 — Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-1230: Exposure of Sensitive Information Through Metadata •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1919 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1919
05 Mar 2025 — Out of bounds read in Media in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1918 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1918
05 Mar 2025 — Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1917 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1917
05 Mar 2025 — Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1916 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1916
05 Mar 2025 — Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1915 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1915
05 Mar 2025 — Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1914 – Debian Security Advisory 5875-1
https://notcve.org/view.php?id=CVE-2025-1914
05 Mar 2025 — Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2334 – Easy Digital Downloads Google Sheet Connector <= 1.6.6 - Cross-Site Request Forgery to Access Code Update
https://notcve.org/view.php?id=CVE-2023-2334
02 Mar 2025 — The Easy Digital Downloads Google Sheet Connector plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the access code granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •