52 matches found
EUVD-2026-34642
Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11181
Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11181
Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11181
Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11181
CVE-2026-11181 involves an insecure implementation in Chrome’s Media Session. Prior to version 149.0.7827.53, this allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected software is Google Chrome (Chromium-based); exact impact is the bypass of same-origin pro...
PT-2026-46708
Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy bsc1261172. CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected proces...
SUSE-SU-2026:1749-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy bsc1261172. - CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected...
Astra Linux - уязвимость в chromium
The use of after free in the Media Session in Google Chrome before version 125.0.6422.141 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
SUSE SLES12 Security Update : webkit2gtk3 (SUSE-SU-2026:1648-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1648-1 advisory. Update to version 2.52.1. Security issues fixed: - CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.52.1. Security issues fixed: CVE-2026-20643: processing maliciously crafted web content may bypass Same Origin Policy bsc1261172. CVE-2026-20664: processing maliciously crafted web content may lead to an unexpected proces...
Fedora 43 : webkitgtk (2026-431948187d)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-431948187d advisory. Update to 2.52.1. Notable changes from 2.50 to 2.52: Make text look like in other browsers by blending in linear color space. Improved rendering...
Fedora 44 : webkitgtk (2026-f00460a7d9)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f00460a7d9 advisory. Update to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSesion when the information about media being played is...
CVE-2025-48573
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48573
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2025-48573
In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
EUVD-2024-46706
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-20964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or...
CVE-2023-21285
In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2023-21280
In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...