Astra Linux - уязвимость в chromium

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. Chromium security severity: Low...

Astra Linux - уязвимость в chromium

A heap buffer overflow in Extensions in Google Chrome prior to version 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted Google Chrome Extension...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data through a crafted Chrome Extension. Chromium security severity: Low...

Astra Linux - уязвимость в chromium

Inappropriate implementation in the Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy through a crafted HTML page. Chromium security severity: Medium...

Astra Linux - уязвимость в chromium

The use of “after free” in Extensions in Google Chrome before version 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Before version 91.0.4472.101, using the "after free" mechanism in Google Chrome’s extensions allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...

Astra Linux - уязвимость в chromium

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в firefox

When a user opened the Web Extensions context menu, the Web Extension could access the post-redirect URL of the clicked element. If the Web Extension did not have the necessary WebRequest permissions for the hosts involved in the redirection, this would constitute a same-origin violation, allowin...

Astra Linux - уязвимость в chromium

The use of “after free” in Extensions in Google Chrome before version 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation through a malicious Chrome Extension...

Astra Linux - уязвимость в chromium

Before version 87.0.4280.88, using extensions in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...

RHEL 9 : webkit2gtk3 (RHSA-2026:19535)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19535 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

UBUNTU-CVE-2026-33278

NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service and possible remote code execution as a result of deep copying a data structure and erroneously overwriting a destination pointer. An adversary can exploit the...

ROS-20260520-73-0024

A vulnerability in the Extensions component of the Google Chrome and Microsoft Edge browsers is related to the ability to use memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVE-2026-42959

NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a crash given malicious upstream replies. When Unbound constructs chase-reply messages for validation, the code uses the wrong counter to calculate write offsets fo...

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

dnsmasq: NSEC bitmap parsing infinite loop

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

Directory Traversal

Overview pymdown-extensions is an Extension pack for Python Markdown. Affected versions of this package are vulnerable to Directory Traversal in the getsnippetpath function. An attacker can access arbitrary files outside the intended directory by crafting a path that exploits improper directory...

webkitgtk: A website may be able to track users through Safari web extensions

A flaw was found in WebKitGTK. A malicious website can track users through web extensions due to improper state management...