Search for packages
| purl | pkg:deb/debian/chromium@139.0.7258.66-1 |
| Next non-vulnerable version | 139.0.7258.127-1 |
| Latest non-vulnerable version | 139.0.7258.127-1 |
| Risk | 2.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7hm8-q8wb-p7eb
Aliases: CVE-2025-8881 |
Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
Affected by 0 other vulnerabilities. |
|
VCID-8mta-q459-4be9
Aliases: CVE-2025-8880 |
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. |
|
VCID-8smq-vqef-87du
Aliases: CVE-2025-8882 |
Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
Affected by 0 other vulnerabilities. |
|
VCID-ucuj-63kk-n7cp
Aliases: CVE-2025-8879 |
Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. |
|
VCID-yybs-w5rv-53hn
Aliases: CVE-2025-8901 |
Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1dj2-fmb4-tffu | Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |
CVE-2025-8581
|
| VCID-44hs-aqfs-z7hm | Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
CVE-2025-8583
|
| VCID-6uc2-v9dq-jud1 | Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
CVE-2025-8580
|
| VCID-87q8-hpm2-skgk | Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) |
CVE-2025-8582
|
| VCID-dr54-pmjh-ayba | Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
CVE-2025-8292
|
| VCID-gmfy-2f35-fbds | Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
CVE-2025-8579
|
| VCID-jntf-wzkr-vubd | Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) |
CVE-2025-8576
|
| VCID-sghr-z7g1-jugg | Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
CVE-2025-8577
|
| VCID-tgh6-yp1h-aucp | Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
CVE-2025-8578
|