Linux Distros Unpatched Vulnerability : CVE-2025-2509

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process,...

EUVD-2022-51796

Malicious code in bioql PyPI...

EUVD-2025-13390

Malicious code in bioql PyPI...

CVE-2025-2509

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in utilformatdescription...

CVE-2025-2509

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in utilformatdescription...

CVE-2025-2509

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in utilformatdescription...

The vulnerability of the crosvm component in the Google Chrome browser allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the crosvm component in Google Chrome relates to insufficient protection of service data. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

SUSE CVE-2022-4452

Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVE-2022-4452

Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

Input validation

Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVE-2022-4452

Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Chromium security severity: High...

CVE-2022-4452

CVE-2022-4452 affects Google Chrome’s crosvm component. Prior to 107.0.5304.62, insufficient data validation could enable a remote attacker to cause object corruption via a crafted HTML page. Impact is described as High (remote, no user privileges, high confidentiality/integrity/availability impa...

PT-2023-5988 · Google · Google Chrome

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 107.0.5304.62 Description: The issue is related to insufficient data validation in the crosvm component of Google Chrome, which could allow a remote attacker to exploit object corruption via a crafted HTML page...

Chrome OS 10820.0.0 dev-channel - app-VM via garcon TCP Command Socket

Chrome OS 10820.0.0 dev-channel - app-VM via garcon TCP Command Socket ======================= BUG DESCRIPTION ======================= There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889...