VulnerableCode Package Details - pkg:deb/debian/chromium@139.0.7258.127-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-7hm8-q8wb-p7eb	Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CVE-2025-8881
VCID-8mta-q459-4be9	Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CVE-2025-8880
VCID-8smq-vqef-87du	Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)	CVE-2025-8882
VCID-ucuj-63kk-n7cp	Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)	CVE-2025-8879
VCID-yybs-w5rv-53hn	Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)	CVE-2025-8901

Vulnerability

Summary

Aliases

VCID-7hm8-q8wb-p7eb

Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-8881

VCID-8mta-q459-4be9

Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVE-2025-8880

VCID-8smq-vqef-87du

Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-8882

VCID-ucuj-63kk-n7cp

Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)

CVE-2025-8879

VCID-yybs-w5rv-53hn

Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

CVE-2025-8901

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-14T12:05:51.077129+00:00	Debian Importer	Fixing	VCID-8smq-vqef-87du	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-14T12:01:03.081240+00:00	Debian Importer	Fixing	VCID-7hm8-q8wb-p7eb	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-14T11:55:42.912172+00:00	Debian Importer	Fixing	VCID-ucuj-63kk-n7cp	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-14T11:42:11.622630+00:00	Debian Importer	Fixing	VCID-yybs-w5rv-53hn	https://security-tracker.debian.org/tracker/data/json	37.0.0
2025-08-14T11:31:24.888080+00:00	Debian Importer	Fixing	VCID-8mta-q459-4be9	https://security-tracker.debian.org/tracker/data/json	37.0.0