CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12911
https://notcve.org/view.php?id=CVE-2025-12911
07 Nov 2025 — Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12910
https://notcve.org/view.php?id=CVE-2025-12910
07 Nov 2025 — Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html • CWE-1295: Debug Messages Revealing Unnecessary Information •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12909
https://notcve.org/view.php?id=CVE-2025-12909
07 Nov 2025 — Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html • CWE-693: Protection Mechanism Failure •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12908
https://notcve.org/view.php?id=CVE-2025-12908
07 Nov 2025 — Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12907
https://notcve.org/view.php?id=CVE-2025-12907
07 Nov 2025 — Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12906
https://notcve.org/view.php?id=CVE-2025-12906
07 Nov 2025 — Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html • CWE-693: Protection Mechanism Failure •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12905
https://notcve.org/view.php?id=CVE-2025-12905
07 Nov 2025 — Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low) • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop.html • CWE-346: Origin Validation Error •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12726 – openSUSE Security Advisory - openSUSE-SU-2025:0422-1
https://notcve.org/view.php?id=CVE-2025-12726
05 Nov 2025 — Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) Inappropriate implementation in Views. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in ve... • https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html • CWE-269: Improper Privilege Management •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12727 – openSUSE Security Advisory - openSUSE-SU-2025:0422-1
https://notcve.org/view.php?id=CVE-2025-12727
05 Nov 2025 — Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Inappropriate implementation in V8. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.134-1~deb12u1. For the stable dist... • https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12728 – openSUSE Security Advisory - openSUSE-SU-2025:0422-1
https://notcve.org/view.php?id=CVE-2025-12728
05 Nov 2025 — Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Inappropriate implementation in Omnibox. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been ... • https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •