VulnerableCode Package Details - pkg:apk/alpine/qt6-qtwebengine@6.9.1-r3?arch=aarch64&distroversion=edge&reponame=community

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-2ngt-7pmw-yqdu	Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CVE-2025-6192
VCID-39u9-vf11-4qd6	Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CVE-2025-8010
VCID-43dh-62vg-myda	Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CVE-2025-7656
VCID-54sp-9hcq-skh6	Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-6556
VCID-8qta-157v-ubac	Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-6557
VCID-chwf-3ees-vucx	Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.	CVE-2025-8881
VCID-cnvn-bkhg-a3dw	Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CVE-2025-7657
VCID-edca-yux6-hfg2	chromium: Chrome V8 Type Confusion Read/Write	CVE-2025-6554
VCID-es45-v7v3-gkcy	Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)	CVE-2025-8576
VCID-gj24-r1kr-1qg7	Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.	CVE-2025-8880
VCID-ke3x-ajgw-s3av	Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)	CVE-2025-8578
VCID-qb26-d55m-yqe6	Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)	CVE-2025-6191
VCID-qff9-euj8-u7f4	Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.	CVE-2025-8901
VCID-qzrp-z4g2-yyhp	Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-8580
VCID-tfc2-749m-sqh1	Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-8582
VCID-u9mq-tb44-4kbc	Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.	CVE-2025-8879
VCID-vk4e-qufz-5ffp	angle: insufficient input validation can cause undefined behavior	CVE-2025-6558

Vulnerability

Summary

Aliases

VCID-2ngt-7pmw-yqdu

Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-6192

VCID-39u9-vf11-4qd6

Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-8010

VCID-43dh-62vg-myda

Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-7656

VCID-54sp-9hcq-skh6

Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-6556

VCID-8qta-157v-ubac

Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-6557

VCID-chwf-3ees-vucx

Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.

CVE-2025-8881

VCID-cnvn-bkhg-a3dw

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

CVE-2025-7657

VCID-edca-yux6-hfg2

chromium: Chrome V8 Type Confusion Read/Write

CVE-2025-6554

VCID-es45-v7v3-gkcy

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

CVE-2025-8576

VCID-gj24-r1kr-1qg7

Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.

CVE-2025-8880

VCID-ke3x-ajgw-s3av

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-8578

VCID-qb26-d55m-yqe6

Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CVE-2025-6191

VCID-qff9-euj8-u7f4

Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.

CVE-2025-8901

VCID-qzrp-z4g2-yyhp

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-8580

VCID-tfc2-749m-sqh1

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-8582

VCID-u9mq-tb44-4kbc

Multiple vulnerabilities have been discovered in Chromium and its derivatives, the worst of which can lead to remote code execution.

CVE-2025-8879

VCID-vk4e-qufz-5ffp

angle: insufficient input validation can cause undefined behavior

CVE-2025-6558

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-08T06:24:54.315909+00:00	Alpine Linux Importer	Fixing	VCID-edca-yux6-hfg2	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-07T13:58:41.035582+00:00	Alpine Linux Importer	Fixing	VCID-cnvn-bkhg-a3dw	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-07T13:57:27.190063+00:00	Alpine Linux Importer	Fixing	VCID-39u9-vf11-4qd6	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-06T04:51:42.754001+00:00	Alpine Linux Importer	Fixing	VCID-qzrp-z4g2-yyhp	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-06T04:49:06.228854+00:00	Alpine Linux Importer	Fixing	VCID-chwf-3ees-vucx	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:57:40.091544+00:00	Alpine Linux Importer	Fixing	VCID-u9mq-tb44-4kbc	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:57:20.063894+00:00	Alpine Linux Importer	Fixing	VCID-2ngt-7pmw-yqdu	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:55:52.558312+00:00	Alpine Linux Importer	Fixing	VCID-8qta-157v-ubac	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:51:20.227634+00:00	Alpine Linux Importer	Fixing	VCID-es45-v7v3-gkcy	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-03T17:48:39.799594+00:00	Alpine Linux Importer	Fixing	VCID-qb26-d55m-yqe6	https://secdb.alpinelinux.org/edge/community.json	38.1.0
2026-04-01T19:20:09.928012+00:00	Alpine Linux Importer	Fixing	VCID-54sp-9hcq-skh6	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:11:41.852750+00:00	Alpine Linux Importer	Fixing	VCID-43dh-62vg-myda	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T19:07:59.726730+00:00	Alpine Linux Importer	Fixing	VCID-gj24-r1kr-1qg7	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T18:55:06.019562+00:00	Alpine Linux Importer	Fixing	VCID-qff9-euj8-u7f4	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T18:54:46.668285+00:00	Alpine Linux Importer	Fixing	VCID-ke3x-ajgw-s3av	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T18:51:19.134698+00:00	Alpine Linux Importer	Fixing	VCID-tfc2-749m-sqh1	https://secdb.alpinelinux.org/edge/community.json	38.0.0
2026-04-01T18:50:18.465759+00:00	Alpine Linux Importer	Fixing	VCID-vk4e-qufz-5ffp	https://secdb.alpinelinux.org/edge/community.json	38.0.0