Google Chrome 安全漏洞

Google Chrome is a free web browser developed by Google Inc. Google Chrome suffers from a policy enforcement insufficiency vulnerability, which stems from Devtools Policy Enforcement Insufficiency, and can be exploited by an attacker to cause a cross-origin data leak...

Access Control Bypass

Overview chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Access Control Bypass due to insufficient Content Security Policy enforcement in the Network.loadNetworkResource method of the DevTools protocol network handler. An attacker can exfiltrat...

Improper Neutralization

Overview chrome-devtools-frontend is a Chrome DevTools UI Affected versions of this package are vulnerable to Improper Neutralization due to insufficient sanitization of special whitespace characters in the escapeStringWin function. An attacker can execute arbitrary code by crafting malicious inp...

CVE-2025-12909

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...

EUVD-2025-38336

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...

CVE-2025-12909

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...

CVE-2025-12909

Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. Chromium security severity: Low...

CVE-2025-12909

CVE-2025-12909 affects Google Chrome via Devtools: Insufficient policy enforcement in Devtools allows a remote attacker to leak cross-origin data. The vulnerability is tied to Chrome versions before 140.0.7339.80. Affected component: Devtools policy enforcement in Chrome/Chromium. Impact per sour...

CVE-2025-12907

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. Chromium security severity: Low...

CVE-2025-12907

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. Chromium security severity: Low...

CVE-2025-12907

CVE-2025-12907 affects Google Chrome DevTools (in Chrome prior to 140.0.7339.80). The issue is insufficient validation of untrusted input in DevTools, enabling a remote attacker to achieve arbitrary code execution via user actions in DevTools. Connected sources confirm the vulnerability exists in...

CVE-2025-12907

Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to execute arbitrary code via user action in Devtools. Chromium security severity: Low...

EUVD-2025-38187

Nuxt DevTools vulnerable to cross-site scripting XSS...

@andor83/mother-may-i (>=1.0.1 <=1.0.10), @bloggrify/bento (>=0.9.1 <=1.0.0) +46 more potentially affected by CVE-2025-52662 via @nuxt/devtools (>=0.1.6 <=2.6.3)

@nuxt/devtools NPM version =0.1.6, =1.0.1, =0.9.1, =1.1.1, =1.0.1, =1.1.0, =0.0.4, =8.3.3, =1.1.1, =0.0.1, =0.3.14, =9.8.3, =1.12.0-rc.5, =0.0.1, =0.0.3 and more Source cves: CVE-2025-52662 Source advisory: OSV:GHSA-XMQ3-Q5PM-RP26...

GHSA-XMQ3-Q5PM-RP26 Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade...

Nuxt DevTools vulnerable to cross-site scripting (XSS)

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade...

@dargmuesli/nuxt-vio (>=16.0.5 <=18.3.14) potentially affected by CVE-2025-52662 via @nuxt/devtools (>=2.0.0 <=2.6.3)

@nuxt/devtools NPM version =2.0.0, =16.0.5, =18.3.14 Source cves: CVE-2025-52662 Source advisory: SNYK:JS-NUXTDEVTOOLS-13849298...

Cross-site Scripting (XSS)

Overview @nuxt/devtools is a Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper sanitization of error messages on DevTools authentication page. An attacker can extract authentication tokens by tricking a user into interacting with maliciously crafted...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...

CVE-2025-52662

A vulnerability in Nuxt DevTools has been fixed in version 2.6.4. This issue may have allowed Nuxt auth token extraction via XSS under certain configurations. All users are encouraged to upgrade. More details: https://vercel.com/changelog/cve-2025-52662-xss-on-nuxt-devtools...