ALT-PU-2026-3705-1

BDU:2026-01826

HIGH8.8

Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-16Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-2315

BDU:2026-01827

MEDIUM6.5

Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая нарушителю осуществить подмену пользовательского интерфейса

Published: 2026-02-16Modified: 2026-05-06

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2026-2316

BDU:2026-01828

MEDIUM6.5

Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

Published: 2026-02-16Modified: 2026-05-06

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N

References

CVE-2026-2317

BDU:2026-01829

MEDIUM6.5

Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

Published: 2026-02-16Modified: 2026-05-06

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2026-2318

BDU:2026-01830

MEDIUM5.4

Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществить подмену пользовательского интерфейса

Published: 2026-02-16Modified: 2026-05-06

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:P

References

CVE-2026-2322

BDU:2026-01937

HIGH8.8

Уязвимость библиотеки libvpx браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-1861

BDU:2026-01938

HIGH8.8

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-1862

BDU:2026-01939

HIGH8.8

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-2313

BDU:2026-01940

HIGH8.8

Уязвимость компонента Codecs браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-2314

BDU:2026-01941

HIGH7.5

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0HIGH 7.6

CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:C

References

CVE-2026-2319

BDU:2026-01942

MEDIUM6.5

Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществить подмену пользовательского интерфейса

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xMEDIUM 6.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:C/A:N

References

CVE-2026-2320

BDU:2026-01943

HIGH8.8

Уязвимость компонента Ozone браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-2321

BDU:2026-01944

MEDIUM4.3

Уязвимость компонента Downloads браузера Google Chrome, позволяющая нарушителю осуществить подмену пользовательского интерфейса

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xMEDIUM 4.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:P/A:N

References

CVE-2026-2323

BDU:2026-01947

HIGH8.8

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-02-18Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-2441

CVE-2026-1861

HIGH8.8

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-03Modified: 2026-02-11

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-1862

HIGH8.8

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-03Modified: 2026-02-11

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2313

HIGH8.8

Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2314

HIGH8.8

Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2315

HIGH8.8

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2316

MEDIUM6.5

Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2026-2317

MEDIUM6.5

Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References

CVE-2026-2318

MEDIUM6.5

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2026-2319

HIGH7.5

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2320

MEDIUM6.5

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xMEDIUM 6.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References

CVE-2026-2321

HIGH8.8

Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-02-11Modified: 2026-02-25

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2322

MEDIUM5.4

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

References

CVE-2026-2323

MEDIUM4.3

Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Published: 2026-02-11Modified: 2026-02-13

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

References

CVE-2026-2441

HIGH8.8

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-13Modified: 2026-02-23

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2648

HIGH8.8

Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)

Published: 2026-02-18Modified: 2026-02-19

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2649

HIGH8.8

Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-18Modified: 2026-02-19

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-2650

HIGH8.8

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Published: 2026-02-18Modified: 2026-02-19

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-3061

CRITICAL9.1

Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-23Modified: 2026-02-25

CVSS 3.xCRITICAL 9.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

References

CVE-2026-3062

CRITICAL9.8

Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Published: 2026-02-23Modified: 2026-02-25

CVSS 3.xCRITICAL 9.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

CVE-2026-3063

MEDIUM5.4

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)

Published: 2026-02-23Modified: 2026-02-25

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References

Package update chromium in branch sisyphus_loongarch64

Closed issues (34)

Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость функции конфиденциальности Fenced Frames браузера Google Chrome, позволяющая нарушителю осуществить подмену пользовательского интерфейса

Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

Уязвимость компонента PictureInPicture браузера Google Chrome, позволяющая нарушителю оказать воздействие на конфиденциальность защищаемой информации

Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществить подмену пользовательского интерфейса

Уязвимость библиотеки libvpx браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость обработчика JavaScript-сценариев V8 браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Codecs браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента DevTools браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента File input браузера Google Chrome, позволяющая нарушителю осуществить подмену пользовательского интерфейса

Уязвимость компонента Ozone браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Downloads браузера Google Chrome, позволяющая нарушителю осуществить подмену пользовательского интерфейса

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Heap buffer overflow in libvpx in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Type Confusion in V8 in Google Chrome prior to 144.0.7559.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in CSS in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit object corruption via a malicious file. (Chromium security severity: Medium)

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Use after free in Ozone in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in File input in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Downloads in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)

Integer overflow in V8 in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. (Chromium security severity: High)