All errata/sisyphus/ALT-PU-2025-6030-3
ALT-PU-2025-6030-3

Package update yandex-browser-stable in branch sisyphus

Version25.2.4.1000-alt1
Task#382744
Published2026-02-04
Max severityCRITICAL
Severity:

Closed issues (5)

BDU:2025-02568
HIGH8.8

Уязвимость изолированной среды Web Content модуля отображения веб-страниц WebKit браузера Safari и операционных систем visionOS, iOS, iPadOS, macOS, позволяющая нарушителю выполнить произвольный код

Published: 2025-03-12Modified: 2026-03-04
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
BDU:2025-03258
HIGH8.8

Уязвимость компонента Mojo браузера Google Chrome для операционных систем Windows, позволяющая нарушителю обойти существующие ограничения безопасности и выполнить произвольный код

Published: 2025-03-26Modified: 2025-10-27
CVSS 3.xHIGH 8.8
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0CRITICAL 10.0
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2025-24201
CRITICAL10.0

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 17.2.).

Published: 2025-03-11Modified: 2026-04-03
CVSS 3.xCRITICAL 10.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
References
CVE-2025-2783
HIGH8.3

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

Published: 2025-03-26Modified: 2025-10-24
CVSS 3.xHIGH 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
References
GHSA-f87w-3j5w-v58p
HIGH8.3

CefSharp affected by incorrect handle provided in unspecified circumstances in Mojo on Windows

Published: 2025-04-12
CVSS 3.xHIGH 8.3
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
References