ALT-BU-2025-9523-1
Branch sisyphus_riscv64 update bulletin.
Package chromium updated to version 138.0.7204.157-alt0.port.0.rv for branch sisyphus_riscv64.
Closed vulnerabilities
BDU:2025-07023
Уязвимость инструмента для оптимизации производительности веб-сайта Profiler браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2025-07024
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
BDU:2025-07069
Уязвимость компонента Media браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
BDU:2025-07100
Уязвимость компонента V8 браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
BDU:2025-07783
Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю получить доступ на чтение и запись произвольных файлов
BDU:2025-08582
Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю выполнить произвольный код
Modified: 2025-06-16
CVE-2025-5958
Use after free in Media in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-06-16
CVE-2025-5959
Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-07-03
CVE-2025-6191
Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-07-03
CVE-2025-6192
Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-07-16
CVE-2025-6554
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-07-02
CVE-2025-6555
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Modified: 2025-07-02
CVE-2025-6556
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-07-15
CVE-2025-6557
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Modified: 2025-07-23
CVE-2025-6558
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-07-16
CVE-2025-7656
Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Modified: 2025-07-16
CVE-2025-7657
Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Package hyprcursor-theme-future-cyan updated to version 20250317-alt1 for branch sisyphus_riscv64.
Closed bugs
Варианты стандартного курсора имеют неправильное смещение
Package samba updated to version 4.21.7-alt2 for branch sisyphus_riscv64.
Closed bugs
samba+dolphin: Стал запрашиваться пароль для открытия share, даже если выполнен вход доменным пользователем