ALT Linux Team

Package chromium update in sisyphus_loongarch64 on 2025-09-19

ALT-PU-2025-11981-1

Package chromium updated to version 140.0.7339.127-alt0.port for branch sisyphus_loongarch64.

Closed vulnerabilities

Published: 2025-08-22

BDU:2025-11244

Уязвимость интерфейса ServiceWorker браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-08-18

BDU:2025-11245

Уязвимость IPC-библиотеки Mojo браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0) Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-09-10
Modified: 2025-09-22

CVE-2025-10200

Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-09-10
Modified: 2025-09-22

CVE-2025-10201

Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top