CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4051 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4051
05 May 2025 — Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium) An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-284: Improper Access Control •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4052 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4052
05 May 2025 — Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-838: Inappropriate Encoding for Output Context •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-4096 – Debian Security Advisory 5914-1
https://notcve.org/view.php?id=CVE-2025-4096
05 May 2025 — Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) An update that fixes four vulnerabilities is now available. This update for chromium fixes the following issues. Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_29.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3620 – Debian Security Advisory 5903-1
https://notcve.org/view.php?id=CVE-2025-3620
16 Apr 2025 — Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) An update that fixes two vulnerabilities is now available. This update for chromium fixes the following issue. Chromium 135.0.7049.95. Heap buffer overflow in Codecs Use after free in USB. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3619 – Debian Security Advisory 5903-1
https://notcve.org/view.php?id=CVE-2025-3619
16 Apr 2025 — Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) An update that fixes two vulnerabilities is now available. This update for chromium fixes the following issue. Chromium 135.0.7049.95. Heap buffer overflow in Codecs Use after free in USB. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3074 – Debian Security Advisory 5890-1
https://notcve.org/view.php?id=CVE-2025-3074
02 Apr 2025 — Inappropriate implementation in Downloads in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3073 – Debian Security Advisory 5890-1
https://notcve.org/view.php?id=CVE-2025-3073
02 Apr 2025 — Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3072 – Debian Security Advisory 5890-1
https://notcve.org/view.php?id=CVE-2025-3072
02 Apr 2025 — Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3071 – Debian Security Advisory 5890-1
https://notcve.org/view.php?id=CVE-2025-3071
02 Apr 2025 — Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html • CWE-346: Origin Validation Error •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-3070 – Debian Security Advisory 5890-1
https://notcve.org/view.php?id=CVE-2025-3070
02 Apr 2025 — Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. • https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation CWE-1287: Improper Validation of Specified Type of Input •