ALT-PU-2025-8541-2

BDU:2025-08582

MEDIUM5.4

Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2025-07-16Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

References

CVE-2025-6555

BDU:2025-09102

MEDIUM5.4

Уязвимость компонента DevTools браузеров Google Chrome, позволяющая нарушителю выполнить произвольный код

Published: 2025-07-28Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

References

CVE-2025-6557

BDU:2025-09103

MEDIUM5.4

Уязвимость компонента Loader браузеров Google Chrome, позволяющая нарушителю обойти ограничения безопасности

Published: 2025-07-28Modified: 2026-03-04

CVSS 3.xMEDIUM 5.4

CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 6.4

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:N

References

CVE-2025-6556

CVE-2025-6555

MEDIUM5.4

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Published: 2025-06-24Modified: 2025-07-02

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References

CVE-2025-6556

MEDIUM5.4

Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Published: 2025-06-24Modified: 2025-07-02

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References

CVE-2025-6557

MEDIUM5.4

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

Published: 2025-06-24Modified: 2025-07-15

CVSS 3.xMEDIUM 5.4

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References

Package update chromium in branch sisyphus

Closed issues (6)

Уязвимость компонента Animation браузера Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента DevTools браузеров Google Chrome, позволяющая нарушителю выполнить произвольный код

Уязвимость компонента Loader браузеров Google Chrome, позволяющая нарушителю обойти ограничения безопасности

Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)