Search for packages
purl | pkg:deb/debian/chromium@138.0.7204.183-1 |
Next non-vulnerable version | 139.0.7258.127-1 |
Latest non-vulnerable version | 139.0.7258.127-1 |
Risk | 2.6 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-1dj2-fmb4-tffu
Aliases: CVE-2025-8581 |
Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) |
Affected by 5 other vulnerabilities. |
VCID-44hs-aqfs-z7hm
Aliases: CVE-2025-8583 |
Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
Affected by 5 other vulnerabilities. |
VCID-6uc2-v9dq-jud1
Aliases: CVE-2025-8580 |
Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
Affected by 5 other vulnerabilities. |
VCID-7hm8-q8wb-p7eb
Aliases: CVE-2025-8881 |
Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
Affected by 0 other vulnerabilities. |
VCID-87q8-hpm2-skgk
Aliases: CVE-2025-8582 |
Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) |
Affected by 5 other vulnerabilities. |
VCID-8mta-q459-4be9
Aliases: CVE-2025-8880 |
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. |
VCID-8smq-vqef-87du
Aliases: CVE-2025-8882 |
Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
Affected by 0 other vulnerabilities. |
VCID-dr54-pmjh-ayba
Aliases: CVE-2025-8292 |
Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
Affected by 5 other vulnerabilities. |
VCID-gmfy-2f35-fbds
Aliases: CVE-2025-8579 |
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) |
Affected by 5 other vulnerabilities. |
VCID-jntf-wzkr-vubd
Aliases: CVE-2025-8576 |
Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium) |
Affected by 5 other vulnerabilities. |
VCID-sghr-z7g1-jugg
Aliases: CVE-2025-8577 |
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) |
Affected by 5 other vulnerabilities. |
VCID-tgh6-yp1h-aucp
Aliases: CVE-2025-8578 |
Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) |
Affected by 5 other vulnerabilities. |
VCID-ucuj-63kk-n7cp
Aliases: CVE-2025-8879 |
Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. |
VCID-yybs-w5rv-53hn
Aliases: CVE-2025-8901 |
Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) |
Affected by 0 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |
Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
---|---|---|---|---|---|
2025-08-14T12:05:51.067400+00:00 | Debian Importer | Affected by | VCID-8smq-vqef-87du | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-14T12:01:03.071635+00:00 | Debian Importer | Affected by | VCID-7hm8-q8wb-p7eb | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-14T11:55:42.902905+00:00 | Debian Importer | Affected by | VCID-ucuj-63kk-n7cp | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-14T11:42:11.613088+00:00 | Debian Importer | Affected by | VCID-yybs-w5rv-53hn | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-14T11:31:24.876989+00:00 | Debian Importer | Affected by | VCID-8mta-q459-4be9 | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-07T12:59:36.836039+00:00 | Debian Importer | Affected by | VCID-tgh6-yp1h-aucp | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-07T12:39:53.402356+00:00 | Debian Importer | Affected by | VCID-6uc2-v9dq-jud1 | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-07T12:29:44.847638+00:00 | Debian Importer | Affected by | VCID-44hs-aqfs-z7hm | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-07T12:27:43.857214+00:00 | Debian Importer | Affected by | VCID-jntf-wzkr-vubd | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-07T12:21:57.781824+00:00 | Debian Importer | Affected by | VCID-gmfy-2f35-fbds | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-07T12:17:35.489223+00:00 | Debian Importer | Affected by | VCID-sghr-z7g1-jugg | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-07T12:12:04.951801+00:00 | Debian Importer | Affected by | VCID-87q8-hpm2-skgk | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-07T12:03:27.116860+00:00 | Debian Importer | Affected by | VCID-1dj2-fmb4-tffu | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |
2025-08-01T13:17:01.498594+00:00 | Debian Importer | Affected by | VCID-dr54-pmjh-ayba | https://security-tracker.debian.org/tracker/data/json | 37.0.0 |