Mozilla Firefox ESR < 115.26

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.26. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-57 advisory. - Memory safety bugs present in Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird ESR 128.12, Firefox E...

Mozilla -- nullptr dereference

[email protected] reports: The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref...

PT-2025-30482

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 141 Firefox ESR versions prior to 115.26 Firefox ESR versions prior to 128.13 Firefox ESR versions prior to 140.1 Thunderbird versions prior to 141 Thunderbird versions prior to 128.13 Thunderbird versions prior to...

Google Chrome V8 Integer Overflow Vulnerability

Google Chrome is a web browser developed by Google. Google Chrome V8 suffers from an integer overflow vulnerability that originates from accessing a resource using an incompatible type, which can be exploited by a remote attacker to submit a special WEB request that induces the user to parse it,...

CVE-2025-7656

Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google. Google Chrome V8 suffers from an integer overflow vulnerability that originates from accessing a resource using an incompatible type, which can be exploited by a remote attacker to submit a special WEB request that induces the user to parse it,...

PT-2025-30492

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 138.0.7204.168 Microsoft Edge versions prior to 138.0.7204.168 Chromium versions prior to 138.0.7204.168 Chromium versions 138.0.7204.168-1deb12u1 Description A type confusion issue exists in the V8 JavaScript...

PT-2025-30493

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 138.0.7204.168 Description: A type confusion issue exists in the V8 JavaScript engine used in Google Chrome. This could allow a remote attacker to potentially exploit heap corruption through a specially crafted...

OSV-2025-524 Heap-buffer-overflow in JS_CallInternal

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=429330008 Crash type: Heap-buffer-overflow READ 1 Crash state: JSCallInternal asyncfuncresume jsasyncfunctionresume...

Update your Chrome to fix new actively exploited zero-day vulnerability

Google has released an update for its Chrome browser to patch an actively exploited flaw. This update is crucial since it addresses an actively exploited vulnerability which can be exploited when the user visits a malicious website. It doesn’t require any further user interaction, which means the...

PT-2025-27478

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 138.0.7204.96 Description A type confusion issue exists in the V8 JavaScript engine, which is used to execute web pages and applications. This flaw allows a remote attacker to perform arbitrary read and write...

CVE-2025-6431

When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. This bug only affects...

CVE-2025-6429

Firefox could have incorrectly parsed a URL and rewritten it to the youtube.com domain when parsing the URL specified in an embed tag. This could have bypassed website security checks that restricted which domains users were allowed to embed. This vulnerability was fixed in Firefox 140, Firefox E...

CVE-2025-6426

The executable file warning did not warn users before opening files with the terminal extension. This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.. This vulnerability was fixed in Firefox 140, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12...

DEBIAN-CVE-2025-6191

Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

CVE-2025-6191

Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Firefox

There was an integer overflow issue in the OrderedHashTable used by the JavaScript engine. This vulnerability was fixed in Firefox 139.0.4...

Astra Linux – Vulnerability in Chromium

The use of after-free in V8 in Google Chrome before version 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Integer overflow in V8 in Google Chrome prior to version 137.0.7151.119 allowed a remote attacker to potentially perform out-of-bounds memory access through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Before version 137.0.7151.55, using V8 in Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...