ALT Linux Team

Package chromium update in sisyphus on 2025-04-16

ALT-PU-2025-5643-2

Package chromium updated to version 135.0.7049.95-alt1 for branch sisyphus in task 381794.

Closed vulnerabilities

Published: 2025-04-25
Modified: 2026-03-04

BDU:2025-04921

Уязвимость интерфейса для подключения периферийных устройств USB браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-05-14
Modified: 2026-03-04

BDU:2025-05424

Уязвимость компонента Codecs браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2025-04-16
Modified: 2025-07-15

CVE-2025-3619

Heap buffer overflow in Codecs in Google Chrome on Windows prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2025-04-16
Modified: 2025-04-23

CVE-2025-3620

Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top