OPENSUSE-SU-2025:0018-1 Security update for chromium

This update for chromium fixes the following issues: - Chromium 132.0.6834.83 stable released 2024-01-14 boo1235892 CVE-2025-0434: Out of bounds memory access in V8 CVE-2025-0435: Inappropriate implementation in Navigation CVE-2025-0436: Integer overflow in Skia CVE-2025-0437: Out of bounds read ...

Google Chrome Security Bypass Vulnerability (CNVD-2025-06042)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that is caused due to insufficient data validation in extensions. An attacker can exploit this vulnerability to bypass security restrictions...

Ubuntu 22.04 LTS / 24.04 LTS / 24.10 : .NET vulnerabilities (USN-7210-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7210-1 advisory. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly u...

USN-7210-1 dotnet8, dotnet9 vulnerabilities

It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. CVE-2025-21171 It was discovered that .NET did not properly handle an integer overflow when processing certain specially...

Chromium: CVE-2025-0443 Insufficient data validation in Extensions

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

SUSE CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-0443

CVE-2025-0443 affects Google Chrome/Chromium with insufficient data validation in Extensions, allowing privilege escalation when a user is tricked into specific UI gestures via a crafted HTML page. Connected sources confirm Chrome/Chromium and show remediation in Chrome 132.0.6834.83 (and Debian’...

CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...

PT-2025-1284 · Microsoft +5 · Edge +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83 Microsoft Edge affected versions not specified Description: The issue exists due to insufficient data validation in the Extensions component of Google Chrome and Microsoft Edge, allowing a remote...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 16 security fixes: 374627491 High CVE-2025-0434: Out of bounds memory access in V8. Reported by ddme on 2024-10-21 379652406 High CVE-2025-0435: Inappropriate implementation in Navigation. Reported by Alesandro Ortiz on 2024-11-18 382786791 High...

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 9 security bugs in Chromium: CVE-2024-12693: Out of bounds memory access in V8 CVE-2024-12694: Use after free in Compositing CVE-2025-0436: Integer overflow in Skia CVE-2025-0437: Out of bounds read in Metrics CVE-2025-0438: Stack buffer overflo...

PT-2025-19756 · Chromium +3 · Chromium +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 136.0.7103.59 chromium in Debian Linux affected versions not specified Description: The issue is related to insufficient data validation in DevTools, allowing a remote attacker to bypass discretionary access...

CVE-2024-13049

Ashlar-Vellum Cobalt XE is affected by a type confusion in the XE file parser caused by insufficient validation of user-supplied data. This vulnerability can allow code execution in the context of the target process, requiring user interaction (e.g., viewing a malicious page or file). Multiple so...

Ashlar Vellum Cobalt 缓冲区错误漏洞

Ashlar Vellum Cobalt is a parameter-based computer-aided design and 3D modeling program from Ashlar. Ashlar Vellum Cobalt suffers from a buffer error vulnerability that stems from a lack of proper validation of user-supplied data. An attacker could exploit the vulnerability to execute code in the...

Foxit PDF Reader 缓冲区错误漏洞

Foxit PDF Reader is China Foxit Foxit company a PDF reader. Foxit PDF Reader suffers from a buffer overflow vulnerability that stems from a lack of proper validation of user-supplied data, resulting in a memory corruption condition that can be exploited by a remote attacker to execute code in the...