ALT-PU-2026-5045-2

BDU:2026-04228

HIGH8.8

Уязвимость компонента FedCM браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-03-30Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-4680

BDU:2026-04229

HIGH8.8

Уязвимость компонента Fonts браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-03-30Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-4679

BDU:2026-04230

HIGH8.8

Уязвимость компонента WebAudio браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-03-30Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-4673

BDU:2026-04231

HIGH8.8

Уязвимость компонента WebGL браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-03-30Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-4675

BDU:2026-04232

HIGH8.8

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-03-30Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-4674

BDU:2026-04233

HIGH8.8

Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2026-03-30Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-4678

BDU:2026-04234

HIGH8.8

Уязвимость компонента WebAudio браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2026-03-30Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-4677

BDU:2026-04235

HIGH8.8

Уязвимость компонента Dawn браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Published: 2026-03-30Modified: 2026-05-06

CVSS 3.xHIGH 8.8

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 2.0CRITICAL 10.0

CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C

References

CVE-2026-4676

CVE-2026-4673

HIGH8.8

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Published: 2026-03-24Modified: 2026-03-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-4674

HIGH8.8

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Published: 2026-03-24Modified: 2026-03-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-4675

HIGH8.8

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Published: 2026-03-24Modified: 2026-03-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-4676

HIGH8.8

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Published: 2026-03-24Modified: 2026-03-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-4677

HIGH8.8

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Published: 2026-03-24Modified: 2026-03-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-4678

HIGH8.8

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-03-24Modified: 2026-03-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-4679

HIGH8.8

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Published: 2026-03-24Modified: 2026-03-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

CVE-2026-4680

HIGH8.8

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Published: 2026-03-24Modified: 2026-03-24

CVSS 3.xHIGH 8.8

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Package update chromium in branch sisyphus

Closed issues (16)

Уязвимость компонента FedCM браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Fonts браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента WebAudio браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента WebGL браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента CSS браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента WebGPU браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента WebAudio браузера Google Chrome, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость компонента Dawn браузера Google Chrome, позволяющая нарушителю обойти защитный механизм песочницы

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)