ALT-PU-2025-6902-3

Package chromium updated to version 136.0.7103.113-alt0.p11.1 for branch p11 in task 384122.

Уязвимость загрузчика браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (4.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Severity: MEDIUM (5.0)Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

References:

CVE-2025-4664

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2025-4050

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2025-4051

Уязвимость компонента HTML браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2025-4096

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2025-4052

Уязвимость IPC-библиотеки Mojo браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3)Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2025-4609

Уязвимость компонента WebAudio браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании

Severity: HIGH (8.8)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: CRITICAL (10.0)Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

References:

CVE-2025-4372

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Severity: MEDIUM (5.4)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: MEDIUM (6.4)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

References:

CVE-2025-13097

Уязвимость компонента Lens браузера Google Chrome, позволяющая нарушителю подменить пользовательский интерфейс

Severity: MEDIUM (6.3)Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Severity: HIGH (7.5)Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

References:

CVE-2024-13983

Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)

Severity: MEDIUM (6.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (5.4)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

Severity: MEDIUM (6.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

References:

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

Severity: CRITICAL (9.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Severity: HIGH (8.8)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Severity: CRITICAL (9.6)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

References:

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Severity: MEDIUM (4.3)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

Version: 2.1.2

Package chromium update in p11 on 2025-05-30

ALT-PU-2025-6902-3

Closed vulnerabilities

BDU:2025-05679

BDU:2025-05690

BDU:2025-05691

BDU:2025-05692

BDU:2025-05693

BDU:2025-06110

BDU:2025-06211

BDU:2025-14876

BDU:2025-14881

CVE-2024-13983

CVE-2025-13097

CVE-2025-4050

CVE-2025-4051

CVE-2025-4052

CVE-2025-4096

CVE-2025-4372

CVE-2025-4609

CVE-2025-4664