
CVSS: 9.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

28 Oct 2025 — Use after free in Ozone in Google Chrome on Linux and ChromeOS prior to 142.0.7444.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: Medium) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 142.0.7444.59-1~deb12u1. For the stable di... • https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html • CWE-416: Use After Free

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

10 Sep 2025 — Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High) Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 140.0.7339.127-1~deb12u1. For the stable distribution (trixie), t... • https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_9.html • CWE-284: Improper Access Control • CWE-346: Origin Validation Error

CVSS: 6.6 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Jul 2025 — An Improper Access Control vulnerability in the Stylus Tools component of Google ChromeOS version 16238.64.0 on Lenovo devices allows a physical attacker to bypass the lock screen and access user files by removing the stylus while the device is closed and using the screen capture feature. • https://issues.chromium.org/issues/b/421184743 • CWE-287: Improper Authentication

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 May 2025 — Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description. • https://issues.chromium.org/issues/b/385851796 • CWE-125: Out-of-bounds Read

CVSS: 7.8 • EPSS: 1% • CPEs: 8 • EXPL: 1

22 Feb 2024 — The implementation of PEAP in wpa_supplicant through 2.10 allows authentication bypass. For a successful attack, wpa_supplicant must be configured to not verify the network's TLS certificate during Phase 1 authentication, and an eap_peap_decrypt vulnerability can then be abused to skip Phase 2 authentication. The attack vector is sending an EAP-TLV Success packet instead of starting Phase 2. This allows an adversary to impersonate Enterprise Wi-Fi networks. • https://github.com/Helica-core/eap_pwn • CWE-285: Improper Authorization • CWE-287: Improper Authentication

CVSS: 7.2 • EPSS: 0% • CPEs: 2 • EXPL: 2

20 Dec 2023 — Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) • https://bugs.chromium.org/p/chromium/issues/detail?id=1443292

CVSS: 10.0 • EPSS: 7% • CPEs: 25 • EXPL: 2

28 Sep 2023 — Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) A... • https://github.com/UT-Security/cve-2023-5217-poc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

25 Aug 2023 — Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) • https://bugs.chromium.org/p/chromium/issues/detail?id=960109 • CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 2

25 Aug 2023 — Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) • https://bugs.chromium.org/p/chromium/issues/detail?id=960111 • CWE-269: Improper Privilege Management

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

15 Aug 2023 — Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file restrictions via a crafted HTML page. (Chromium security severity: Medium) • https://chromereleases.googleblog.com/2023/08/stable-channel-update-for-chromeos_25.html