ALT-BU-2025-10328-1
Branch sisyphus_loongarch64 update bulletin.
Package chromium updated to version 139.0.7258.66-alt0.port for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2025-09454
Уязвимость браузера Google Chrome, связанная с недостаточной проверкой вводимых данных, позволяющая нарушителю реализовать спуфинг-атаку или вызвать отказ в обслуживании
BDU:2025-09455
Уязвимость элемента управления Разрешения (Permissions) браузера Google Chrome, позволяющая нарушителю выполнить подмену пользовательского интерфейса
BDU:2025-09456
Уязвимость компонента Extensions (Расширения) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2025-09463
Уязвимость компонента Cast (Трансляция) браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
BDU:2025-09475
Уязвимость интерфейса chrome.fileSystem браузера Google Chrome, позволяющая нарушителю выполнить подмену пользовательского интерфейса
Modified: 2025-08-11
CVE-2025-8576
Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Modified: 2025-08-08
CVE-2025-8577
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-08-11
CVE-2025-8578
Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-08-08
CVE-2025-8579
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-08-08
CVE-2025-8580
Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-08-08
CVE-2025-8581
Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-08-11
CVE-2025-8582
Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-08-08
CVE-2025-8583
Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Package authenticator updated to version 4.6.2-alt1.2 for branch sisyphus_loongarch64.
Closed bugs
Аварийный останов при создании учетной записи