SUSE CVE-2025-10585

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

VulnCheck KEV: CVE-2025-10585

Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

KLA88206 Mutltiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in ANGLE can be exploited to to cause denial of service. 2...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 4 security fixes: 445380761 High CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16 435875050 High CVE-2025-10500: Use after free in Dawn. Reported by Giunash Gyujeong Jin on 2025-08-03 440737137 High...

CVE-2025-10535

Information disclosure, mitigation bypass in the Privacy component in Firefox for Android. This vulnerability was fixed in Firefox 143...

CVE-2025-10528

Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

CVE-2025-10532

Incorrect boundary conditions in the JavaScript: GC component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

CVE-2025-10529

Same-origin policy bypass in the Layout component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3...

Important: firefox

Issue Overview: Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue affects neqo: from 0.4.24 through 0.13.2. CVE-2025-6703 An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-2999 (ALAS-2025-2999)

The version of thunderbird installed on the remote host is prior to 140.2.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2999 advisory. Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash..This issue affects neqo: fr...

Fedora 43 : chromium (2025-e8d34c61f8)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-e8d34c61f8 advisory. Update to 140.0.7339.80 CVE-2025-9864: Use after free in V8 CVE-2025-9865: Inappropriate implementation in Toolbar CVE-2025-9866: Inappropriate...

OESA-2025-2292 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

Type Confusion

V8 in Google Chrome is vulnerable to Type Confusion. The vulnerability is due to improper handling of object types in the V8 JavaScript engine, which allows a remote attacker to exploit heap corruption by supplying a crafted HTML page...

PT-2025-44688

Name of the Vulnerable Software and Affected Versions Google Chrome affected versions not specified Description A flaw exists in Google Chrome that could allow attackers to impact the system. The issue is an out-of-bounds read within the V8 JavaScript engine. Microsoft Edge, being Chromium-based,...

Linux Distros Unpatched Vulnerability : CVE-2015-3333

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service o...

Linux Distros Unpatched Vulnerability : CVE-2015-2238

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or...

Linux Distros Unpatched Vulnerability : CVE-2011-2830

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Google V8, as used in Google Chrome before 14.0.835.163, does not properly implement script object wrappers, which allows remote attackers to cause a denial of...

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Red Hat Product Security has rated this update ...

thunderbird: firefox: Uninitialized memory in the JavaScript Engine component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Uninitialized memory in the JavaScript Engine component...

Empirical Security Analysis of Software-Based Fault Isolation through Controlled Fault Injection

We use browsers daily to access all sorts of information. Because browsers routinely process scripts, media, and executable code from unknown sources, they form a critical security boundary between users and adversaries. A common attack vector is JavaScript, which exposes a large attack surface d...