Astra Linux - уязвимость в chromium

The use of the after-free operation in the Webstore API in Google Chrome before version 98.0.4758.102 allowed attackers to exploit heap corruption by using a crafted HTML page. This was possible if an attacker convinced a user to install a malicious extension and compelled the user to perform...

CVE-1999-0604

An incorrect configuration of the WebStore 1.0 shopping cart CGI program "webstore.cgi" could disclose private information...

Trust Wallet Chrome Extension Hack Drains $8.5M via Shai-Hulud Supply Chain Attack

Trust Wallet on Tuesday revealed that the second iteration of the Shai-Hulud aka Sha1-Hulud supply chain outbreak in November 2025 was likely responsible for the hack of its Google Chrome extension, ultimately resulting in the theft of approximately $8.5 million in assets. "Our Developer GitHub...

EUVD-2007-4093

Malware in sbrugna...

EUVD-1999-0587

Malware in sbrugna...

EUVD-2001-1325

Malware in sbrugna...

EUVD-2021-2414

Malware in sbrugna...

EUVD-2005-1406

Malware in sbrugna...

EUVD-2001-1324

Malware in sbrugna...

EUVD-2000-0992

Malware in sbrugna...

EUVD-2008-2846

Malware in sbrugna...

EUVD-2022-15709

Malicious code in bioql PyPI...

webstore.calloways.com Cross Site Scripting vulnerability OBB-3947116

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ETSI WEBstore 2023 Cross Site Scripting

Document Title: =============== ETSI WEBstore 2023 - Persistent Cross Site Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2327 Release Date: ============= 2023-07-26 Vulnerability Laboratory ID VL-ID: ====================================...

webstore.com Cross Site Scripting vulnerability OBB-3212094

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SUSE CVE-2022-0605

Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...

Evernote Web Clipper Same-Origin Policy Bypass Vulnerability

Evernote Web Clipper suffered from a same-origin policy bypass vulnerability. The link to the demo exploit was a 403 at the time of addition and has not been included in this post. Evernote: extension allows cross-origin iframe communication I happened to notice that the Evernote Web Clipper...

MAL-2022-3018 Malicious code in ff-webstore-e2e (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 27b491152f946c0bad55930959436c8ccaac6a656eed2b9283a284769cfd07b4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2022-0605

Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2022-0605

Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page...