VulnerableCode Package Details - pkg:deb/debian/chromium@139.0.7258.66-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-1myc-2zvg-4ufz	Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-8581
VCID-9uq1-attd-6fg9	Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)	CVE-2025-8577
VCID-cwab-m23u-n7at	Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-8583
VCID-es45-v7v3-gkcy	Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)	CVE-2025-8576
VCID-k57k-h41e-hbay	Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-8579
VCID-ke3x-ajgw-s3av	Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)	CVE-2025-8578
VCID-qzrp-z4g2-yyhp	Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-8580
VCID-tfc2-749m-sqh1	Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)	CVE-2025-8582
VCID-tkvr-d1xj-ykar	chromium-browser: Side-channel information leakage in Navigation and Loading	CVE-2025-13992

Vulnerability

Summary

Aliases

VCID-1myc-2zvg-4ufz

Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-8581

VCID-9uq1-attd-6fg9

Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-8577

VCID-cwab-m23u-n7at

Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-8583

VCID-es45-v7v3-gkcy

Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)

CVE-2025-8576

VCID-k57k-h41e-hbay

CVE-2025-8579

VCID-ke3x-ajgw-s3av

Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-8578

VCID-qzrp-z4g2-yyhp

Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-8580

VCID-tfc2-749m-sqh1

Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

CVE-2025-8582

VCID-tkvr-d1xj-ykar

chromium-browser: Side-channel information leakage in Navigation and Loading

CVE-2025-13992

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T22:42:19.776010+00:00	Debian Importer	Fixing	VCID-cwab-m23u-n7at	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:42:19.631721+00:00	Debian Importer	Fixing	VCID-tfc2-749m-sqh1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:42:19.485994+00:00	Debian Importer	Fixing	VCID-1myc-2zvg-4ufz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:42:19.345439+00:00	Debian Importer	Fixing	VCID-qzrp-z4g2-yyhp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:42:19.194848+00:00	Debian Importer	Fixing	VCID-k57k-h41e-hbay	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:42:19.044942+00:00	Debian Importer	Fixing	VCID-ke3x-ajgw-s3av	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:42:18.907646+00:00	Debian Importer	Fixing	VCID-9uq1-attd-6fg9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:42:18.763453+00:00	Debian Importer	Fixing	VCID-es45-v7v3-gkcy	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-17T22:42:10.703806+00:00	Debian Importer	Fixing	VCID-tkvr-d1xj-ykar	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T17:48:52.571636+00:00	Debian Importer	Fixing	VCID-cwab-m23u-n7at	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:52.469660+00:00	Debian Importer	Fixing	VCID-tfc2-749m-sqh1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:52.369915+00:00	Debian Importer	Fixing	VCID-1myc-2zvg-4ufz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:52.267636+00:00	Debian Importer	Fixing	VCID-qzrp-z4g2-yyhp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:52.165073+00:00	Debian Importer	Fixing	VCID-k57k-h41e-hbay	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:52.063377+00:00	Debian Importer	Fixing	VCID-ke3x-ajgw-s3av	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:51.958187+00:00	Debian Importer	Fixing	VCID-9uq1-attd-6fg9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:51.848298+00:00	Debian Importer	Fixing	VCID-es45-v7v3-gkcy	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:46.283418+00:00	Debian Importer	Fixing	VCID-tkvr-d1xj-ykar	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:21:03.301129+00:00	Debian Importer	Fixing	VCID-cwab-m23u-n7at	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:03.264169+00:00	Debian Importer	Fixing	VCID-tfc2-749m-sqh1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:03.228073+00:00	Debian Importer	Fixing	VCID-1myc-2zvg-4ufz	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:03.192498+00:00	Debian Importer	Fixing	VCID-qzrp-z4g2-yyhp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:03.155760+00:00	Debian Importer	Fixing	VCID-k57k-h41e-hbay	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:03.121866+00:00	Debian Importer	Fixing	VCID-ke3x-ajgw-s3av	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:03.086577+00:00	Debian Importer	Fixing	VCID-9uq1-attd-6fg9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:03.052399+00:00	Debian Importer	Fixing	VCID-es45-v7v3-gkcy	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:21:00.902209+00:00	Debian Importer	Fixing	VCID-tkvr-d1xj-ykar	https://security-tracker.debian.org/tracker/data/json	38.1.0