ALT-PU-2025-16971-1

BDU:2025-12620

MEDIUM6.3

Уязвимость компонента WebGPU браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Published: 2025-10-08Modified: 2026-03-04

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2025-11205

BDU:2025-12621

MEDIUM6.3

Уязвимость компонента Video браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Published: 2025-10-08Modified: 2026-03-04

CVSS 3.xMEDIUM 6.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CVSS 2.0HIGH 7.5

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P

References

CVE-2025-11206

BDU:2025-13190

LOW3.1

Уязвимость компонента Tab браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Published: 2025-10-21Modified: 2026-03-04

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:P/I:N/A:N

References

CVE-2025-11210

BDU:2025-13254

HIGH7.5

Уязвимость компонента Media браузера Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Published: 2025-10-23Modified: 2026-03-04

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2025-11211

BDU:2025-13628

MEDIUM5.3

Уязвимость компонента Storage браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Published: 2025-11-01Modified: 2026-03-04

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

References

CVE-2025-11207

BDU:2025-13629

MEDIUM5.4

Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Published: 2025-11-01Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P

References

CVE-2025-11208

BDU:2025-13630

MEDIUM5.4

Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Published: 2025-11-01Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P

References

CVE-2025-11212

BDU:2025-13631

MEDIUM5.4

Уязвимость компонента Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Published: 2025-11-01Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P

References

CVE-2025-11209

BDU:2025-13632

MEDIUM5.4

Уязвимость компонента Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Published: 2025-11-01Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P

References

CVE-2025-11213

BDU:2025-13633

MEDIUM5.4

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю, действующему удалённо, выполнить произвольный код

Published: 2025-11-01Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:P

References

CVE-2025-11215

BDU:2025-13634

LOW3.1

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю, действующему удалённо, вызвать отказ в обслуживании

Published: 2025-11-01Modified: 2026-03-04

CVSS 3.xLOW 3.1

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

CVSS 2.0LOW 2.6

CVSS:2.0/AV:N/AC:H/Au:N/C:N/I:N/A:P

References

CVE-2025-11219

CVE-2025-11205

HIGH8.8

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2025-11206

HIGH7.1

Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xHIGH 7.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

References

CVE-2025-11207

MEDIUM6.5

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

References

CVE-2025-11208

MEDIUM6.3

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

CVE-2025-11209

HIGH8.2

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xHIGH 8.2

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References

CVE-2025-11210

MEDIUM5.4

Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References

CVE-2025-11211

HIGH7.5

Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

CVE-2025-11212

MEDIUM6.3

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

CVE-2025-11213

MEDIUM6.3

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

CVE-2025-11215

MEDIUM4.3

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References

CVE-2025-11216

MEDIUM6.3

Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xMEDIUM 6.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References

CVE-2025-11219

LOW3.1

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)

Published: 2025-11-06Modified: 2025-11-13

CVSS 3.xLOW 3.1

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References

Package update chromium in branch sisyphus

Closed issues (23)

Уязвимость компонента WebGPU браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Video браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Tab браузеров Microsoft Edge и Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Уязвимость компонента Media браузера Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Storage браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Уязвимость компонента Media браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Уязвимость компонента Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Уязвимость компонента Omnibox браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю повысить свои привилегии

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю, действующему удалённо, выполнить произвольный код

Уязвимость обработчика JavaScript-сценариев V8 браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю, действующему удалённо, вызвать отказ в обслуживании

Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)

Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)

Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)

Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)