CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12729 – openSUSE Security Advisory - openSUSE-SU-2025:0422-1
https://notcve.org/view.php?id=CVE-2025-12729
05 Nov 2025 — Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Inappropriate implementation in Omnibox. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been ... • https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-12725 – openSUSE Security Advisory - openSUSE-SU-2025:0422-1
https://notcve.org/view.php?id=CVE-2025-12725
05 Nov 2025 — Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Out of bounds write in WebGPU. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.134-1~deb12u1. For the stable di... • https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12429 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12429
28 Oct 2025 — Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Inappropriate implementation in V8. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable distribution ... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12430 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12430
28 Oct 2025 — Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) Object lifecycle issue in Media. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable distribution (trixie), these... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12431 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12431
28 Oct 2025 — Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High) Inappropriate implementation in Extensions. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have be... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12432 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12432
28 Oct 2025 — Race in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Race in V8. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable distribution (trixie), these problems have been fixed ... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12433 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12433
28 Oct 2025 — Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Inappropriate implementation in V8. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable distri... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-12434 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12434
28 Oct 2025 — Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Race in Storage. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-12435 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12435
28 Oct 2025 — Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Incorrect security UI in Omnibox. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable distribution ... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-285: Improper Authorization CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2025-12436 – openSUSE Security Advisory - openSUSE-SU-2025:15687-1
https://notcve.org/view.php?id=CVE-2025-12436
28 Oct 2025 — Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium) Policy bypass in Extensions. Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have ... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-306: Missing Authentication for Critical Function •