Stable Channel Update for Desktop

The Stable channel has been updated to 148.0.7778.167/168 for Windows/Mac and 148.0.7778.167 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...

CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

SUSE CVE-2017-5066

Insufficient consistency checks in signature handling in the networking stack in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to incorrectly accept a badly formed X.509 certificate via a crafted HTML page...

CVE-2022-41874

CVE-2022-41874 affects Tauri up to versions prior to 1.0.7 and 1.1.2, where incorrect escaping in file dialog and drag-and-drop paths can partially bypass the fs scope definition. The bypass is limited to neighboring files/subfolders of already allowed paths and depends on the user selecting a pr...

CVE-2022-23597

Element Desktop before 1.9.7 is vulnerable to a remote code execution bug via user interaction that requires a malicious link click followed by another button click. The attacker can specify a binary path on the victim’s machine for execution (arguments cannot be set), and in some configurations ...

Mozilla Firefox Denial Of Service

Exploit Title: Mozilla Firefox 72 Denial of Service Date: 2/1/20 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://mozilla.org Software Link: https://firefox.com Version: 71.0 and below Tested on: Firefox 68.0, 69.0, 70.0, 71.0 Mozilla Firefox 72 Denial of Service ...

Zoom Client Message Spoofing Vulnerability

Zoom Client is a video conferencing endpoint from Zoom USA that supports multiple platforms. A message spoofing vulnerability exists in Zoom Client. An attacker can construct malicious UDP packets to remotely control users using the desktop version of Zoom including MacOS, Linux, and Windows on t...

chromium-browser: extension verification bypass

Lack of verification of an extension's locale folder in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed an attacker with local write access to modify extensions by modifying extension files...

flash-plugin: crash and potential arbitrary code execution (APSB11-12)

Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to obtain sensitive information via unspecified vectors...