ALT Linux Team

Package chromium update in sisyphus on 2025-01-17

ALT-PU-2025-1418-3

Package chromium updated to version 132.0.6834.83-alt1 for branch sisyphus in task 369761.

Closed vulnerabilities

Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00712

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00713

Уязвимость функции Navigation браузера Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить подмену пользовательского интерфейса

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2025-01-27
Modified: 2026-04-09

BDU:2025-00715

Уязвимость графической библиотеки Skia браузера Google Chrome и Microsoft Edge, позволяющая нарушителю проводить межсайтовые сценарные атаки

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00716

Уязвимость компонента Metrics браузера Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00717

Уязвимость компонента Tracing браузера Google Chrome и Microsoft Edge, позволяющая нарушителю межсайтовые сценарные атаки

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00748

Уязвимость компонента Frames браузера Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить подмену пользовательского интерфейса

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00749

Уязвимость реализации прикладного программного интерфейса браузера Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить подмену пользовательского интерфейса

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00750

Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome и Microsoft Edge, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00751

Уязвимость компонента Payments браузера Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить подмену пользовательского интерфейса

Severity: MEDIUM (6.5)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Severity: HIGH (7.8)Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00752

Уязвимость компонента Extensions (Расширения) браузера Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00753

Уязвимость компонента Compositing браузера Google и Microsoft Edge, позволяющая нарушителю выполнить подмену пользовательского интерфейса

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00754

Уязвимость функции Navigation браузера Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-01-27
Modified: 2026-03-04

BDU:2025-00755

Уязвимость компонента Extensions (Расширения) браузера Google Chrome и Microsoft Edge, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить подмену пользовательского интерфейса

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0434

Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0435

Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0436

Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-01-15
Modified: 2025-02-03

CVE-2025-0437

Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0438

Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0439

Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0440

Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0441

Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0442

Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0446

Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0447

Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-01-15
Modified: 2025-04-21

CVE-2025-0448

Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top