Исправленные уязвимости
Мы исправили следующие уязвимости из базы CVE, обнаруженные в ядре Chromium и в Яндекс Браузере.
Уязвимости в Яндекс Браузере
24.7.1
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2024-6473 | DLL Hijacking in Yandex Browser. | DLL-Hijacking в Яндекс Браузере. | Critical |
22.5.0
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2021-25261 | An elevation of privilege vulnerability exists in Yandex Browser prior to 22.5.0.826. | В версиях ранее 22.5.0.826 присутствует уязвимость повышения привилегий локальным пользователем. | High |
22.3.3
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2022-28226 | An elevation of privilege vulnerability exists in Yandex Browser prior to 22.3.3.801. | В версиях ранее 22.3.3.801 присутствует уязвимость повышения привилегий локальным пользователем. | High |
| CVE-2022-28225 | An elevation of privilege vulnerability exists in Yandex Browser prior to 22.3.3.684. | В версиях ранее 22.3.3.684 присутствует уязвимость повышения привилегий локальным пользователем. | High |
21.9.0
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2021-25263 | An elevation of privilege vulnerability exists in Yandex Browser prior to 21.9.0.390. | В версиях ранее 21.9.0.390 присутствует уязвимость повышения привилегий локальным пользователем. | High |
17.4.1
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2017-7327 | Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking Vulnerability because an untrusted search path is used for dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll. | Файл-установщик Яндекс Браузера был уязвим к DLL-Hijacking из-за отсутствия проверок загрузки путей для dnsapi.dll, winmm.dll, ntmarta.dll, cryptbase.dll or profapi.dll. | High |
17.4.0
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2017-7326 | Race condition issue in Yandex Browser for Android before 17.4.0.16 allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page. | Состояние гонки (race-condition) в Яндекc Браузер для Android позволяло эксплуатировать уязвимость повреждения памяти, используя специально подготовленную HTML-страницу. | High |
17.1.1
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2016-8508 | Yandex Browser for desktop before 17.1.1.227 does not show Protect (similar to Safebrowsing in Chromium) warnings in web-sites with special content-type, which could be used by remote attacker for prevention Protect warning on own malicious web-site. | Уведомление о подозрительном контенте, что технология Protect в Яндекс Браузере не отображается для определенных типов контента. | Medium |
16.10.0
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2016-8507 | Yandex Browser for iOS before 16.10.0.2357 does not properly restrict processing of facetime:// URLs, which allows remote attackers to initiate facetime-call without user's approval and obtain video and audio data from a device via a crafted web site. | Яндекс Браузер для iOS некорректно осуществлял проверку URL со схемой facetime://, в результате чего атакующий получал возможность инициировать видеозвонок без уведомления пользователя. | Medium |
16.9
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2016-8503 | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | Уведомление, что технология Антифишинг может быть использована для перебора паролей пользователя. | High |
| CVE-2017-7325 | Yandex Browser before 16.9.0 allows remote attackers to spoof the address bar via window.open. | Уязвимость позволяла атакующему подменить значение адресной строки Яндекс Браузер c помощью вызова window.open. | High |
16.6
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2016-8504 | CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile. | CSRF в механизме синхронизации форм в Яндекс Браузере позволяет атакующему получить доступ к сохраненным данным профиля пользователя. | Medium |
| CVE-2016-8505 | XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code. | XSS в расширении BookReader в Яндекс Браузере позволяет атакующему выполнить произвольный javascript код. | Medium |
16.2
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2016-8502 | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | Уведомление, что технология Антифишинг может быть использована для перебора паролей пользователя. | High |
| CVE-2016-8506 | XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | XSS в расширении Переводчик в Яндекс Браузере позволяет атакующему выполнить произвольный javascript код. | Medium |
15.12
| Идентификатор уязвимости | Описание (EN) | Описание (RU) | Критичность |
|---|---|---|---|
| CVE-2016-8501 | Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | Уязвимость в технологии Безопасный WiFi в Яндекс Браузере позволяет атакующему осуществлять перехват сетевого трафика в открытых или WEP-сетях. | Medium |
Уязвимости в ядре Chromium
25.6.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2025-6554 | Type Confusion in V8. | High |
| CVE-2025-6558 | Incorrect validation of untrusted input in ANGLE and GPU. | High |
| CVE-2025-7656 | Integer overflow in V8. | High |
| CVE-2025-7657 | Use after free in WebRTC. | High |
25.4.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2025-2476 | Use after free in Lens. | Critical |
| CVE-2025-5068 | Use after free in Blink. | Medium |
| CVE-2025-5419 | Out of bounds read and write in V8. | High |
25.2.4
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2025-2783 | Incorrect handle provided in unspecified circumstances in Mojo on Windows. | High |
| CVE-2025-24201 | Out of bounds write in GPU on Mac. | High |
25.2.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2025-0434 | Out of bounds memory access in V8. | High |
| CVE-2025-0435 | Inappropriate implementation in Navigation. | High |
| CVE-2025-0436 | Integer overflow in Skia. | High |
| CVE-2025-0437 | Out of bounds read in Metrics. | High |
| CVE-2025-0438 | Stack buffer overflow in Tracing. | High |
| CVE-2025-0439 | Race in Frames. | Medium |
| CVE-2025-0440 | Inappropriate implementation in Fullscreen. | Medium |
| CVE-2025-0441 | Inappropriate implementation in Fenced Frames. | Medium |
| CVE-2025-0442 | Inappropriate implementation in Payments. | Medium |
| CVE-2025-0443 | Insufficient data validation in Extensions. | Medium |
| CVE-2025-0446 | Inappropriate implementation in Extensions. | Low |
| CVE-2025-0447 | Inappropriate implementation in Navigation. | Low |
| CVE-2025-0448 | Inappropriate implementation in Compositing. | Low |
| CVE-2025-0611 | Object corruption in V8. | High |
| CVE-2025-0612 | Out of bounds memory access in V8. | High |
| CVE-2025-0762 | Use after free in DevTools. | Medium |
| CVE-2025-0995 | Use after free in V8. | High |
| CVE-2025-0996 | Inappropriate implementation in Browser UI. | High |
| CVE-2025-0997 | Use after free in Navigation. | High |
| CVE-2025-0998 | Out of bounds memory access in V8. | High |
| CVE-2025-2783 | Incorrect handle provided in unspecified circumstances in Mojo. | High |
24.12.4
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2024-10487 | Out of bounds write in Dawn. | Critical |
| CVE-2024-10488 | Use after free in WebRTC. | High |
| CVE-2024-10826 | Use after free in Family Experiences. | High |
| CVE-2024-10827 | Use after free in Serial. | High |
| CVE-2024-12694 | Use after free in Compositing. | High |
| CVE-2025-0291 | Type Confusion in V8. | High |
| CVE-2025-0762 | Use after free in DevTools. | Medium |
24.10.4
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2024-7964 | Use after free in Passwords. | High |
| CVE-2024-7965 | Inappropriate implementation in V8. | High |
| CVE-2024-7966 | Out of bounds memory access in Skia. | High |
| CVE-2024-7967 | Heap buffer overflow in Fonts. | High |
| CVE-2024-7968 | Use after free in Autofill. | High |
| CVE-2024-7969 | Type Confusion in V8. | High |
| CVE-2024-7970 | Out of bounds write in V8. | High |
| CVE-2024-7971 | Type confusion in V8. | High |
| CVE-2024-7972 | Inappropriate implementation in V8. | Medium |
| CVE-2024-7973 | Heap buffer overflow in PDFium. | Medium |
| CVE-2024-7974 | Insufficient data validation in V8 API. | Medium |
| CVE-2024-7975 | Inappropriate implementation in Permissions. | Medium |
| CVE-2024-7976 | Inappropriate implementation in FedCM. | Medium |
| CVE-2024-7977 | Insufficient data validation in Installer. | Medium |
| CVE-2024-7978 | Insufficient policy enforcement in Data Transfer. | Medium |
| CVE-2024-7979 | Insufficient data validation in Installer. | Medium |
| CVE-2024-7980 | Insufficient data validation in Installer. | Medium |
| CVE-2024-7981 | Inappropriate implementation in Views. | Low |
| CVE-2024-8033 | Inappropriate implementation in WebApp Installs. | Low |
| CVE-2024-8034 | Inappropriate implementation in Custom Tabs. | Low |
| CVE-2024-8035 | Inappropriate implementation in Extensions. | Low |
| CVE-2024-8193 | Heap buffer overflow in Skia. | High |
| CVE-2024-8194 | Type Confusion in V8. | High |
| CVE-2024-8198 | Heap buffer overflow in Skia. | High |
| CVE-2024-8362 | Use after free in WebAudio. | High |
| CVE-2024-8636 | Heap buffer overflow in Skia. | High |
| CVE-2024-8637 | Use after free in Media Router. | High |
| CVE-2024-8638 | Type Confusion in V8. | High |
| CVE-2024-8639 | Use after free in Autofill. | High |
| CVE-2024-10229 | Inappropriate implementation in Extensions. | High |
| CVE-2024-10487 | Out of bounds write in Dawn. | Critical |
| CVE-2024-10488 | Use after free in WebRTC. | High |
24.7.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2024-6772 | Inappropriate implementation in V8. | High |
| CVE-2024-6773 | Inappropriate implementation in V8. | High |
| CVE-2024-6774 | Use after free in Screen Capture. | High |
| CVE-2024-6775 | Use after free in Media Stream. | High |
| CVE-2024-6776 | Use after free in Audio. | High |
| CVE-2024-6777 | Use after free in Navigation. | High |
| CVE-2024-6778 | Race in DevTools. | High |
| CVE-2024-6779 | Out of bounds memory access in V8. | High |
| CVE-2024-6990 | Uninitialized Use in Dawn. | Critical |
| CVE-2024-7965 | Inappropriate implementation in V8. | High |
| CVE-2024-7971 | Type confusion in V8. | High |
24.6.4
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2024-4558 | Use after free in ANGLE. | High |
| CVE-2024-4559 | Heap buffer overflow in WebAudio. | High |
| CVE-2024-5496 | Use after free in Media Session. | High |
| CVE-2024-5497 | Out of bounds memory access in Browser UI. | High |
| CVE-2024-5498 | Use after free in Presentation API. | High |
| CVE-2024-5499 | Out of bounds write in Streams API. | High |
24.6.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2024-4331 | Use after free in Picture In Picture. | High |
| CVE-2024-4368 | Use after free in Dawn. | High |
24.4.3
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2024-4058 | Type confusion in ANGLE. | Critical |
| CVE-2024-4059 | Out of bounds read in V8. | High |
| CVE-2024-4060 | Use after free in Dawn. | High |
| CVE-2024-4671 | Use after free in Visuals. | High |
| CVE-2024-4947 | Type Confusion in V8. | High |
| CVE-2024-5274 | Type Confusion in V8. | High |
24.1.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2024-0333 | Insufficient data validation in Extensions. | High |
23.11.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2024-0519 | Out of bounds memory access in V8. | High |
| CVE-2024-0518 | Type confusion in V8. | High |
| CVE-2024-0517 | Out of bounds write in V8. | High |
23.9.5
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2023-5996 | Use after free in WebAudio. | High |
| CVE-2023-5997 | Use after free in Garbage Collection. | High |
| CVE-2023-6112 | Use after free in Navigation. | High |
| CVE-2023-6345 | Integer overflow in Skia. | High |
| CVE-2023-5480 | Inappropriate implementation in Payments. | High |
| CVE-2023-5849 | Integer overflow in USB. | High |
| CVE-2023-5482 | Insufficient data validation in USB. | High |
23.9.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2023-4863 | Heap buffer overflow in libwebp. | Critical |
| CVE-2023-2312 | Use after free in Offline. | High |
| CVE-2023-4349 | Use after free in Device Trust Connectors. | High |
| CVE-2023-4350 | Inappropriate implementation in Fullscreen. | High |
| CVE-2023-4351 | Use after free in Network. | High |
| CVE-2023-4352 | Type Confusion in V8. | High |
| CVE-2023-4353 | Heap buffer overflow in ANGLE. | High |
| CVE-2023-4354 | Heap buffer overflow in Skia. | High |
| CVE-2023-4355 | Out of bounds memory access in V8. | High |
| CVE-2023-4356 | Use after free in Audio. | Medium |
| CVE-2023-4357 | Insufficient validation of untrusted input in XML. | Medium |
| CVE-2023-4358 | Use after free in DNS. | Medium |
| CVE-2023-4359 | Inappropriate implementation in App Launcher. | Medium |
| CVE-2023-4360 | Inappropriate implementation in Color. | Medium |
| CVE-2023-4361 | Inappropriate implementation in Autofill. | Medium |
| CVE-2023-4362 | Heap buffer overflow in Mojom IDL. | Medium |
| CVE-2023-4363 | Inappropriate implementation in WebShare. | Medium |
| CVE-2023-4364 | Inappropriate implementation in Permission Prompts. | Medium |
| CVE-2023-4365 | Inappropriate implementation in Fullscreen. | Medium |
| CVE-2023-4366 | Use after free in Extensions. | Medium |
| CVE-2023-4367 | Insufficient policy enforcement in Extensions API. | Medium |
| CVE-2023-4368 | Insufficient policy enforcement in Extensions API. | Medium |
23.7.5
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2023-4359 | Inappropriate implementation in App Launcher. | Medium |
| CVE-2023-4368 | Insufficient policy enforcement in Extensions API. | Medium |
| CVE-2023-4362 | Heap buffer overflow in Mojom IDL. | Medium |
| CVE-2023-4353 | Heap buffer overflow in ANGLE. | High |
| CVE-2023-4350 | Inappropriate implementation in Fullscreen. | High |
| CVE-2023-4354 | Heap buffer overflow in Skia. | High |
| CVE-2023-4365 | Inappropriate implementation in Fullscreen. | Medium |
| CVE-2023-2312 | Use after free in Offline. | High |
| CVE-2023-4358 | Use after free in DNS. | Medium |
| CVE-2023-4363 | Inappropriate implementation in WebShare. | Medium |
| CVE-2023-4367 | Insufficient policy enforcement in Extensions API. | Medium |
| CVE-2023-4357 | Insufficient validation of untrusted input in XML. | Medium |
| CVE-2023-4351 | Use after free in Network. | High |
| CVE-2023-4364 | Inappropriate implementation in Permission Prompts. | Medium |
| CVE-2023-4360 | Inappropriate implementation in Color. | Medium |
| CVE-2023-4349 | Use after free in Device Trust Connectors. | High |
| CVE-2023-4361 | Inappropriate implementation in Autofill. | Meidum |
| CVE-2023-4366 | Use after free in Extensions. | Meidum |
| CVE-2023-4356 | Use after free in Audio. | Meidum |
| CVE-2023-4352 | Type confusion in V8. | High |
23.7.0
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2023-3421 | Use after free in Media. | High |
| CVE-2023-3422 | Use after free in Guest View. | High |
| CVE-2023-3420 | Type Confusion in V8. | High |
| CVE-2023-3214 | Use after free in Autofill payments. | Critical |
| CVE-2023-3215 | Use after free in WebRTC. | High |
| CVE-2023-3216 | Type Confusion in V8. | High |
| CVE-2023-3217 | Use after free in WebXR. | High |
| CVE-2023-3079 | Type Confusion in V8. | High |
| CVE-2023-2929 | Out of bounds write in Swiftshader. | High |
| CVE-2023-2930 | Use after free in Extensions. | High |
| CVE-2023-3598 | Out of bounds read and write in ANGLE. | High |
| CVE-2023-2931 | Use after free in PDF. | High |
| CVE-2023-2932 | Use after free in PDF. | High |
| CVE-2023-2933 | Use after free in PDF. | High |
| CVE-2023-2934 | Out of bounds memory access in Mojo. | High |
| CVE-2023-2935 | Type Confusion in V8. | High |
| CVE-2023-2936 | Type Confusion in V8. | High |
| CVE-2023-2937 | Inappropriate implementation in Picture In Picture. | Medium |
| CVE-2023-2938 | Inappropriate implementation in Picture In Picture. | Medium |
| CVE-2023-2939 | Insufficient data validation in Installer. | Medium |
| CVE-2023-2940 | Inappropriate implementation in Downloads. | Medium |
| CVE-2023-2941 | Inappropriate implementation in Extensions API. | Low |
| CVE-2023-2721 | Use after free in Navigation. | Critical |
| CVE-2023-2722 | Use after free in Autofill UI. | High |
| CVE-2023-2723 | Use after free in DevTools. | High |
| CVE-2023-2724 | Type Confusion in V8. | High |
| CVE-2023-2725 | Use after free in Guest View. | High |
| CVE-2023-2726 | Inappropriate implementation in WebApp Installs. | Medium |
| CVE-2023-2459 | Inappropriate implementation in Prompts. | Medium |
| CVE-2023-2460 | Insufficient validation of untrusted input in Extensions. | Medium |
| CVE-2023-2461 | Use after free in OS Inputs. | Medium |
| CVE-2023-2462 | Inappropriate implementation in Prompts. | Medium |
| CVE-2023-2463 | Inappropriate implementation in Full Screen Mode. | Medium |
| CVE-2023-2464 | Inappropriate implementation in PictureInPicture. | Medium |
| CVE-2023-2465 | Inappropriate implementation in CORS. | Medium |
| CVE-2023-2466 | Inappropriate implementation in Prompts. | Low |
| CVE-2023-2467 | Inappropriate implementation in Prompts. | Low |
| CVE-2023-2468 | Inappropriate implementation in PictureInPicture. | Low |
23.5.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2023-2133 | Out of bounds memory access in Service Worker API. | High |
| CVE-2023-2134 | Out of bounds memory access in Service Worker API. | High |
| CVE-2023-2135 | Use after free in DevTools. | High |
| CVE-2023-2136 | Integer overflow in Skia. | High |
| CVE-2023-2137 | Heap buffer overflow in sqlite. | Medium |
| CVE-2023-2033 | Type Confusion in V8. | High |
| CVE-2023-1810 | Heap buffer overflow in Visuals. | High |
| CVE-2023-1811 | Use after free in Frames. | High |
| CVE-2023-2313 | Inappropriate implementation in Sandbox. | High |
| CVE-2023-1812 | Out of bounds memory access in DOM Bindings. | Medium |
| CVE-2023-1813 | Inappropriate implementation in Extensions. | Medium |
| CVE-2023-1814 | Insufficient validation of untrusted input in Safe Browsing. | Medium |
| CVE-2023-1815 | Use after free in Networking APIs. | Medium |
| CVE-2023-1816 | Incorrect security UI in Picture In Picture. | Medium |
| CVE-2023-1817 | Insufficient policy enforcement in Intents. | Medium |
| CVE-2023-2311 | Insufficient policy enforcement in File System API. | Medium |
| CVE-2023-1818 | Use after free in Vulkan. | Medium |
| CVE-2023-1819 | Out of bounds read in Accessibility. | Medium |
| CVE-2023-1820 | Heap buffer overflow in Browser History. | Medium |
| CVE-2023-1821 | Inappropriate implementation in WebShare. | Low |
| CVE-2023-1822 | Incorrect security UI in Navigation. | Low |
| CVE-2023-1823 | Inappropriate implementation in FedCM. | Low |
| CVE-2023-1528 | Use after free in Passwords. | High |
| CVE-2023-1529 | Out of bounds memory access in WebHID. | High |
| CVE-2023-1530 | Use after free in PDF. | High |
| CVE-2023-1531 | Use after free in ANGLE. | High |
| CVE-2023-1532 | Out of bounds read in GPU Video. | High |
| CVE-2023-1533 | Use after free in WebProtect. | High |
| CVE-2023-1534 | Out of bounds read in ANGLE. | High |
| CVE-2023-1213 | Use after free in Swiftshader. | High |
| CVE-2023-1214 | Type Confusion in V8. | High |
| CVE-2023-1215 | Type Confusion in CSS. | High |
| CVE-2023-1216 | Use after free in DevTools. | High |
| CVE-2023-1217 | Stack buffer overflow in Crash reporting. | High |
| CVE-2023-1218 | Use after free in WebRTC. | High |
| CVE-2023-1219 | Heap buffer overflow in Metrics. | High |
| CVE-2023-1220 | Heap buffer overflow in UMA. | High |
| CVE-2023-1221 | Insufficient policy enforcement in Extensions API. | Medium |
| CVE-2023-1222 | Heap buffer overflow in Web Audio API. | Medium |
| CVE-2023-1223 | Insufficient policy enforcement in Autofill. | Medium |
| CVE-2023-1224 | Insufficient policy enforcement in Web Payments API. | Medium |
| CVE-2023-1225 | Insufficient policy enforcement in Navigation. | Medium |
| CVE-2023-1226 | Insufficient policy enforcement in Web Payments API. | Medium |
| CVE-2023-1227 | Use after free in Core. | Medium |
| CVE-2023-1228 | Insufficient policy enforcement in Intents. | Medium |
| CVE-2023-1229 | Inappropriate implementation in Permission prompts. | Medium |
| CVE-2023-1230 | Inappropriate implementation in WebApp Installs. | Medium |
| CVE-2023-1231 | Inappropriate implementation in Autofill. | Medium |
| CVE-2023-2314 | Insufficient data validation in DevTools. | Low |
| CVE-2023-1232 | Insufficient policy enforcement in Resource Timing. | Low |
| CVE-2023-1233 | Insufficient policy enforcement in Resource Timing. | Low |
| CVE-2023-1234 | Inappropriate implementation in Intents. | Low |
| CVE-2023-1235 | Type Confusion in DevTools. | Low |
| CVE-2023-1236 | Inappropriate implementation in Internals. | Low |
23.3.1
| Идентификатор уязвимости | Описание (EN) | Критичность |
|---|---|---|
| CVE-2023-0941 | Use after free in Prompts. | Critical |
| CVE-2023-0927 | Use after free in Web Payments API. | High |
| CVE-2023-0928 | Use after free in SwiftShader. | High |
| CVE-2023-0929 | Use after free in Vulkan. | High |
| CVE-2023-0930 | Heap buffer overflow in Video. | High |
| CVE-2023-0931 | Use after free in Video. | High |
| CVE-2023-0932 | Use after free in WebRTC. | High |
| CVE-2023-0933 | Integer overflow in PDF. | Medium |
| CVE-2023-0696 | Type Confusion in V8. | High |
| CVE-2023-0697 | Inappropriate implementation in Full screen mode. | High |
| CVE-2023-0698 | Out of bounds read in WebRTC. | High |
| CVE-2023-0699 | Use after free in GPU. | Medium |
| CVE-2023-0700 | Inappropriate implementation in Download. | Medium |
| CVE-2023-0701 | Heap buffer overflow in WebUI. | Medium |
| CVE-2023-0702 | Type Confusion in Data Transfer. | Medium |
| CVE-2023-0703 | Type Confusion in DevTools. | Medium |
| CVE-2023-0704 | Insufficient policy enforcement in DevTools. | Low |
| CVE-2023-0705 | Integer overflow in Core. | Low |
| CVE-2023-0471 | Use after free in WebTransport. | High |
| CVE-2023-0472 | Use after free in WebRTC. | High |
| CVE-2023-0473 | Type Confusion in ServiceWorker API. | Medium |
| CVE-2023-0474 | Use after free in GuestView. | Medium |
| CVE-2022-4926 | Insufficient policy enforcement in Intents. | Medium |
| CVE-2023-0128 | Use after free in Overview Mode. | High |
| CVE-2023-0129 | Heap buffer overflow in Network Service. | High |
| CVE-2023-0130 | Inappropriate implementation in Fullscreen API. | Medium |
| CVE-2023-0131 | Inappropriate implementation in iframe Sandbox. | Medium |
| CVE-2023-0132 | Inappropriate implementation in Permission prompts. | Medium |
| CVE-2023-0133 | Inappropriate implementation in Permission prompts. | Medium |
| CVE-2023-0134 | Use after free in Cart. | Medium |
| CVE-2023-0135 | Use after free in Cart. | Medium |
| CVE-2023-0136 | Inappropriate implementation in Fullscreen API. | Medium |
| CVE-2023-0137 | Heap buffer overflow in Platform Apps. | Medium |
| CVE-2023-0138 | Heap buffer overflow in libphonenumber. | Low |
| CVE-2023-0139 | Insufficient validation of untrusted input in Downloads. | Low |
| CVE-2023-0140 | Inappropriate implementation in File System API. | Low |
| CVE-2023-0141 | Insufficient policy enforcement in CORS. | Low |
Также вы можете перейти на сервис
Полезные ссылки
Была ли статья полезна?
Предыдущая
Следующая