Search for packages
Package details: pkg:deb/debian/chromium@138.0.7204.183-1
purl pkg:deb/debian/chromium@138.0.7204.183-1
Next non-vulnerable version 139.0.7258.127-1
Latest non-vulnerable version 139.0.7258.127-1
Risk 2.6
Vulnerabilities affecting this package (14)
Vulnerability Summary Fixed by
VCID-1dj2-fmb4-tffu
Aliases:
CVE-2025-8581
Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-44hs-aqfs-z7hm
Aliases:
CVE-2025-8583
Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-6uc2-v9dq-jud1
Aliases:
CVE-2025-8580
Inappropriate implementation in Filesystems in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-7hm8-q8wb-p7eb
Aliases:
CVE-2025-8881
Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
139.0.7258.127-1
Affected by 0 other vulnerabilities.
VCID-87q8-hpm2-skgk
Aliases:
CVE-2025-8582
Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-8mta-q459-4be9
Aliases:
CVE-2025-8880
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
139.0.7258.127-1
Affected by 0 other vulnerabilities.
VCID-8smq-vqef-87du
Aliases:
CVE-2025-8882
Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
139.0.7258.127-1
Affected by 0 other vulnerabilities.
VCID-dr54-pmjh-ayba
Aliases:
CVE-2025-8292
Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-gmfy-2f35-fbds
Aliases:
CVE-2025-8579
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-jntf-wzkr-vubd
Aliases:
CVE-2025-8576
Use after free in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-sghr-z7g1-jugg
Aliases:
CVE-2025-8577
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-tgh6-yp1h-aucp
Aliases:
CVE-2025-8578
Use after free in Cast in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
139.0.7258.66-1
Affected by 5 other vulnerabilities.
VCID-ucuj-63kk-n7cp
Aliases:
CVE-2025-8879
Heap buffer overflow in libaom in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to potentially exploit heap corruption via a curated set of gestures. (Chromium security severity: High)
139.0.7258.127-1
Affected by 0 other vulnerabilities.
VCID-yybs-w5rv-53hn
Aliases:
CVE-2025-8901
Out of bounds write in ANGLE in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
139.0.7258.127-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-08-14T12:05:51.067400+00:00 Debian Importer Affected by VCID-8smq-vqef-87du https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-14T12:01:03.071635+00:00 Debian Importer Affected by VCID-7hm8-q8wb-p7eb https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-14T11:55:42.902905+00:00 Debian Importer Affected by VCID-ucuj-63kk-n7cp https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-14T11:42:11.613088+00:00 Debian Importer Affected by VCID-yybs-w5rv-53hn https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-14T11:31:24.876989+00:00 Debian Importer Affected by VCID-8mta-q459-4be9 https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-07T12:59:36.836039+00:00 Debian Importer Affected by VCID-tgh6-yp1h-aucp https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-07T12:39:53.402356+00:00 Debian Importer Affected by VCID-6uc2-v9dq-jud1 https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-07T12:29:44.847638+00:00 Debian Importer Affected by VCID-44hs-aqfs-z7hm https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-07T12:27:43.857214+00:00 Debian Importer Affected by VCID-jntf-wzkr-vubd https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-07T12:21:57.781824+00:00 Debian Importer Affected by VCID-gmfy-2f35-fbds https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-07T12:17:35.489223+00:00 Debian Importer Affected by VCID-sghr-z7g1-jugg https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-07T12:12:04.951801+00:00 Debian Importer Affected by VCID-87q8-hpm2-skgk https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-07T12:03:27.116860+00:00 Debian Importer Affected by VCID-1dj2-fmb4-tffu https://security-tracker.debian.org/tracker/data/json 37.0.0
2025-08-01T13:17:01.498594+00:00 Debian Importer Affected by VCID-dr54-pmjh-ayba https://security-tracker.debian.org/tracker/data/json 37.0.0