
CVE-2025-43300 – Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2025-43300
21 Aug 2025 — An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O fra... • https://support.apple.com/en-us/124928 • CWE-787: Out-of-bounds Write •

CVE-2025-8576 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8576
07 Aug 2025 — Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) An update that fixes 9 vulnerabilities is now available. Chromium was up... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2025-8577 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8577
07 Aug 2025 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) ... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-8578 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8578
07 Aug 2025 — Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) An update that fixes 9 vulnerabilities is now available. Chromium was updated to fix a missing error c... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •

CVE-2025-8579 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8579
07 Aug 2025 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) ... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-8580 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8580
07 Aug 2025 — Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) An update that fixes 9 vulnerabilities is now available. Chromium w... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-8581 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8581
07 Aug 2025 — Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) ... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-8582 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8582
07 Aug 2025 — Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) An upda... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2025-8583 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8583
07 Aug 2025 — Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) An update that fixes 9 vulnerabilities is now available. Chromium was updated t... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •

CVE-2025-8292 – openSUSE Security Advisory - openSUSE-SU-2025:15399-1
https://notcve.org/view.php?id=CVE-2025-8292
30 Jul 2025 — Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) These are all security issues fixed in the chromedriver-138.0.7204.183-1.1 package on ... • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html • CWE-416: Use After Free •