Google Chrome 跨站脚本漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by out-of-bounds memory access in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...

PT-2025-1263 · Google +5 · Google Chrome +6

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83 Chromium versions prior to 132.0.6834.83-1deb12u1 Description: A vulnerability exists in the V8 JavaScript engine of Google Chrome and Microsoft Edge due to the lack of protection for the web page...

CVE-2025-23108

Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability was fixed in Firefox for iOS 134...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page...

SUSE CVE-2025-0291

Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2025-0242

Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod...

CVE-2025-0247

Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 134 and Thunderbird 134...

CVE-2025-0244

When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected.. This vulnerability was fixed in Firefox 134...

CVE-2025-0239

When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

CVE-2025-0246

When using an invalid protocol scheme, an attacker could spoof the address bar. Note: This issue only affected Android operating systems. Other operating systems are unaffected. Note: This issue is a different issue from CVE-2025-0244. This vulnerability was fixed in Firefox 134...

CVE-2025-0238

Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Firefox ESR 115.19, Thunderbird 134, and Thunderbird 128.6...

CVE-2025-0240

Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6...

PT-2025-49857

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 140.6 Description The JavaScript Engine’s JIT component contains a JIT miscompilation issue. Recommendations Update Firefox to version 146 or later. Update Firefox ESR to version 140....

PT-2025-25775

Name of the Vulnerable Software and Affected Versions Debian Linux affected versions not specified Description The issue is related to an integer overflow. It was reported by Shaheen Fazim. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

PT-2025-38298

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 140.0.7339.185 Description A type confusion issue exists in the V8 JavaScript and WebAssembly engine. This flaw allows a remote attacker to potentially exploit heap corruption via a crafted HTML page, which can...

PT-2025-49852

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 140.6 Thunderbird versions prior to 146 Thunderbird versions prior to 140.6 Description The JavaScript Engine contains a JIT miscompilation issue within the JIT component. This relate...

PT-2025-49851

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 115.31 Firefox ESR versions prior to 140.6 Description The JavaScript Engine contains a JIT miscompilation issue within its JIT component. This can lead to potential problems during...

SUSE CVE-2024-12693

Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2024-12695

Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a code execution vulnerability that is caused by an out-of-bounds write in V8. An attacker can exploit the vulnerability to execute arbitrary code on the system...