ALT Linux Team

Package chromium update in p11 on 2025-05-30

ALT-PU-2025-6902-2

Package chromium updated to version 136.0.7103.113-alt0.p11.1 for branch p11 in task 384122.

Closed vulnerabilities

Published: 2025-05-05

BDU:2025-05679

Уязвимость загрузчика браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References:
Published: 2025-04-30

BDU:2025-05690

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References:
Published: 2025-04-30

BDU:2025-05691

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References:
Published: 2025-04-30

BDU:2025-05692

Уязвимость компонента HTML браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References:
Published: 2025-04-30

BDU:2025-05693

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
References:
Published: 2025-04-22

BDU:2025-06110

Уязвимость IPC-библиотеки Mojo браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
References:
Published: 2025-05-05
Modified: 2025-05-28

CVE-2025-4050

Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

References:
Published: 2025-05-05
Modified: 2025-05-28

CVE-2025-4051

Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)

References:
Published: 2025-05-05
Modified: 2025-05-28

CVE-2025-4052

Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)

References:
Published: 2025-05-05
Modified: 2025-05-28

CVE-2025-4096

Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

References:
Published: 2025-05-07
Modified: 2025-05-28

CVE-2025-4372

Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

References:

CVE-2025-4609

No data currently available.

Published: 2025-05-14
Modified: 2025-05-16

CVE-2025-4664

Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.1
Back to top