diff options
| author | Robert Nagy <rnagy@FreeBSD.org> | 2025-12-06 10:05:01 +0000 |
|---|---|---|
| committer | Robert Nagy <rnagy@FreeBSD.org> | 2025-12-06 10:05:30 +0000 |
| commit | bd343d76b8d0c24af9cf894cd94ee258812e0775 (patch) | |
| tree | cbf25cd85eb61ce9ad063cea131209a66c04cdf4 | |
| parent | a1a60aacde801ea0aa60f614715712d22a6b9f8f (diff) | |
security/vuxml: add www/*chromium < 143.0.7499.40
| -rw-r--r-- | security/vuxml/vuln/2025.xml | 57 |
1 files changed, 57 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml index f2f3e35d837e..d795461fa6b6 100644 --- a/security/vuxml/vuln/2025.xml +++ b/security/vuxml/vuln/2025.xml @@ -1,3 +1,60 @@ + <vuln vid="ea34264d-d289-11f0-a15a-a8a1599412c6"> + <topic>chromium -- multiple security fixes</topic> + <affects> + <package> + <name>chromium</name> + <range><lt>143.0.7499.40</lt></range> + </package> + <package> + <name>ungoogled-chromium</name> + <range><lt>143.0.7499.40</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Chrome Releases reports:</p> + <blockquote cite="https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html"> + <p>This update includes 13 security fixes:</p> + <ul> + <li>[456547591] High CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@streypaws) on 2025-10-31</li> + <li>[448113221] High CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos on 2025-09-29</li> + <li>[439058242] High CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles on 2025-08-16</li> + <li>[458082926] High CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome on 2025-11-05</li> + <li>[429140219] Medium CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft on 2025-07-02</li> + <li>[457818670] Medium CVE-2025-13720: Bad cast in Loader. Reported by Chrome on 2025-11-04</li> + <li>[355120682] Medium CVE-2025-13721: Race in v8. Reported by Chrome on 2024-07-23</li> + <li>[405727341] Low CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh on 2025-03-24</li> + <li>[446181124] Low CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani on 2025-09-20</li> + <li>[392375329] Low CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh on 2025-01-27</li> + <li>[448046109] Low CVE-2025-13638: Use after free in Media Stream. Reported by sherkito on 2025-09-29</li> + <li>[448408148] Low CVE-2025-13639: Inappropriate implementation in WebRTC. Reported by Philipp Hancke on 2025-10-01</li> + <li>[452071826] Low CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous on 2025-10-14</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2025-13631</cvename> + <cvename>CVE-2025-13632</cvename> + <cvename>CVE-2025-13633</cvename> + <cvename>CVE-2025-13634</cvename> + <cvename>CVE-2025-13635</cvename> + <cvename>CVE-2025-13636</cvename> + <cvename>CVE-2025-13637</cvename> + <cvename>CVE-2025-13638</cvename> + <cvename>CVE-2025-13639</cvename> + <cvename>CVE-2025-13640</cvename> + <cvename>CVE-2025-13634</cvename> + <cvename>CVE-2025-13720</cvename> + <cvename>CVE-2025-13721</cvename> + <url>https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop.html</url> + </references> + <dates> + <discovery>2025-12-02</discovery> + <entry>2025-12-06</entry> + </dates> + </vuln> + <vuln vid="8acfcfdc-d27c-11f0-8512-b0416f0c4c67"> <topic>spotipy -- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')</topic> <affects> |