CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8576 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8576
07 Aug 2025 — Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) Use after free en extensiones de Google Chrome anteriores a la versión 139.0.7258.66 permitía a un atacante remoto explotar la corrupción del montón mediante una extensión de Chrome manipulada. (Gravedad de seguridad de Chromium: Media) An update that fixes 9 vulnerabilities is now available. Chromium was up... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8577 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8577
07 Aug 2025 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Una implementación inadecuada de la interfaz de usuario en Google Chrome anterior a la versión 139.0.7258.66 permitía que un atacante remoto, tras convencer a un usuario para que realizara gestos específicos de la interfaz de usuario, realizara una suplan... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8578 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8578
07 Aug 2025 — Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Use after free en Cast en Google Chrome anterior a la versión 139.0.7258.66 permitía a un atacante remoto explotar la corrupción del montón mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Media) An update that fixes 9 vulnerabilities is now available. Chromium was updated to fix a missing error c... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8579 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8579
07 Aug 2025 — Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Una implementación inadecuada de la interfaz de usuario en Google Chrome anterior a la versión 139.0.7258.66 permitía que un atacante remoto, tras convencer a un usuario para que realizara gestos específicos de la interfaz de usuario, realizara una suplantac... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8580 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8580
07 Aug 2025 — Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Una implementación incorrecta en los sistemas de archivos de Google Chrome anterior a la versión 139.0.7258.66 permitía a un atacante remoto suplantar la interfaz de usuario mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Baja) An update that fixes 9 vulnerabilities is now available. Chromium w... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8581 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8581
07 Aug 2025 — Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) Una implementación incorrecta en las extensiones de Google Chrome anteriores a la versión 139.0.7258.66 permitía que un atacante remoto, al convencer a un usuario para que realizara gestos específicos de la interfaz de usuario, filtrara datos de origen cruzado me... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8582 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8582
07 Aug 2025 — Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) La validación insuficiente de entradas no confiables en el núcleo de Google Chrome anterior a la versión 139.0.7258.66 permitió que un atacante remoto falsificara el contenido del Omnibox (barra de URL) mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Baja) An upda... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-20: Improper Input Validation CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8583 – openSUSE Security Advisory - openSUSE-SU-2025:0286-1
https://notcve.org/view.php?id=CVE-2025-8583
07 Aug 2025 — Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Una implementación incorrecta de los permisos en Google Chrome anterior a la versión 139.0.7258.66 permitía a un atacante remoto suplantar la interfaz de usuario mediante una página HTML manipulada. (Gravedad de seguridad de Chromium: Baja) An update that fixes 9 vulnerabilities is now available. Chromium was updated t... • https://chromereleases.googleblog.com/2025/08/stable-channel-update-for-desktop.html • CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2025-8292 – openSUSE Security Advisory - openSUSE-SU-2025:15399-1
https://notcve.org/view.php?id=CVE-2025-8292
30 Jul 2025 — Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Use after free en Media Stream en Google Chrome anterior a la versión 138.0.7204.183 permitía a un atacante remoto explotar la corrupción del montón mediante una página HTML manipulada. (Severidad de seguridad de Chromium: Alta) These are all security issues fixed in the chromedriver-138.0.7204.183-1.1 package on ... • https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_29.html • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7012
https://notcve.org/view.php?id=CVE-2023-7012
16 Jul 2024 — Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_12.html • CWE-20: Improper Input Validation CWE-138: Improper Neutralization of Special Elements •