Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-12727 (GCVE-0-2025-12727)
Vulnerability from cvelistv5 – Published: 2025-11-10 20:00 – Updated: 2025-11-12 17:09
VLAI?
EPSS
Summary
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
CWE
- Inappropriate implementation
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-12727",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-11T04:55:41.768359Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-12T17:09:17.181Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Chrome",
"vendor": "Google",
"versions": [
{
"lessThan": "142.0.7444.137",
"status": "affected",
"version": "142.0.7444.137",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Inappropriate implementation",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-10T20:00:55.682Z",
"orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"shortName": "Chrome"
},
"references": [
{
"url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html"
},
{
"url": "https://issues.chromium.org/issues/454485895"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
"assignerShortName": "Chrome",
"cveId": "CVE-2025-12727",
"datePublished": "2025-11-10T20:00:55.682Z",
"dateReserved": "2025-11-04T21:56:37.024Z",
"dateUpdated": "2025-11-12T17:09:17.181Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-12727\",\"sourceIdentifier\":\"chrome-cve-admin@google.com\",\"published\":\"2025-11-10T20:15:39.833\",\"lastModified\":\"2025-11-25T14:53:03.100\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"142.0.7444.134\",\"matchCriteriaId\":\"B3907D2C-FD39-49C9-B6D2-AF6A29921831\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"142.0.7444.135\",\"matchCriteriaId\":\"E1456F40-81F4-4166-A327-35AD53E2A36A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]}],\"references\":[{\"url\":\"https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://issues.chromium.org/issues/454485895\",\"source\":\"chrome-cve-admin@google.com\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-12727\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-11-11T04:55:41.768359Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-11-10T20:20:03.213Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Google\", \"product\": \"Chrome\", \"versions\": [{\"status\": \"affected\", \"version\": \"142.0.7444.137\", \"lessThan\": \"142.0.7444.137\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html\"}, {\"url\": \"https://issues.chromium.org/issues/454485895\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"Inappropriate implementation\"}]}], \"providerMetadata\": {\"orgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"shortName\": \"Chrome\", \"dateUpdated\": \"2025-11-10T20:00:55.682Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-12727\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-12T17:09:17.181Z\", \"dateReserved\": \"2025-11-04T21:56:37.024Z\", \"assignerOrgId\": \"ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28\", \"datePublished\": \"2025-11-10T20:00:55.682Z\", \"assignerShortName\": \"Chrome\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
OPENSUSE-SU-2025-20037-1
Vulnerability from csaf_opensuse - Published: 2025-11-10 17:22 - Updated: 2025-11-10 17:22Summary
Security update for chromium
Notes
Title of the patch
Security update for chromium
Description of the patch
This update for chromium fixes the following issues:
Chromium 142.0.7444.134 (boo#1253089):
* CVE-2025-12725: Out of bounds write in WebGPU
* CVE-2025-12726: Inappropriate implementation in Views
* CVE-2025-12727: Inappropriate implementation in V8
* CVE-2025-12728: Inappropriate implementation in Omnibox
* CVE-2025-12729: Inappropriate implementation in Omnibox
Patchnames
openSUSE-Leap-16.0-packagehub-19
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for chromium",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for chromium fixes the following issues:\n\nChromium 142.0.7444.134 (boo#1253089):\n\n * CVE-2025-12725: Out of bounds write in WebGPU\n * CVE-2025-12726: Inappropriate implementation in Views\n * CVE-2025-12727: Inappropriate implementation in V8\n * CVE-2025-12728: Inappropriate implementation in Omnibox\n * CVE-2025-12729: Inappropriate implementation in Omnibox\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Leap-16.0-packagehub-19",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025-20037-1.json"
},
{
"category": "self",
"summary": "SUSE Bug 1253089",
"url": "https://bugzilla.suse.com/1253089"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12729/"
}
],
"title": "Security update for chromium",
"tracking": {
"current_release_date": "2025-11-10T17:22:06Z",
"generator": {
"date": "2025-11-10T17:22:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025-20037-1",
"initial_release_date": "2025-11-10T17:22:06Z",
"revision_history": [
{
"date": "2025-11-10T17:22:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"product": {
"name": "chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"product_id": "chromedriver-142.0.7444.59-bp160.1.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-142.0.7444.59-bp160.1.1.aarch64",
"product": {
"name": "chromium-142.0.7444.59-bp160.1.1.aarch64",
"product_id": "chromium-142.0.7444.59-bp160.1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"product": {
"name": "chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"product_id": "chromedriver-142.0.7444.59-bp160.1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chromium-142.0.7444.59-bp160.1.1.ppc64le",
"product": {
"name": "chromium-142.0.7444.59-bp160.1.1.ppc64le",
"product_id": "chromium-142.0.7444.59-bp160.1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"product": {
"name": "chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"product_id": "chromedriver-142.0.7444.59-bp160.1.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-142.0.7444.59-bp160.1.1.x86_64",
"product": {
"name": "chromium-142.0.7444.59-bp160.1.1.x86_64",
"product_id": "chromium-142.0.7444.59-bp160.1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 16.0",
"product": {
"name": "openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0"
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-142.0.7444.59-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64"
},
"product_reference": "chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-142.0.7444.59-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le"
},
"product_reference": "chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-142.0.7444.59-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64"
},
"product_reference": "chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-142.0.7444.59-bp160.1.1.aarch64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64"
},
"product_reference": "chromium-142.0.7444.59-bp160.1.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-142.0.7444.59-bp160.1.1.ppc64le as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le"
},
"product_reference": "chromium-142.0.7444.59-bp160.1.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 16.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-142.0.7444.59-bp160.1.1.x86_64 as component of openSUSE Leap 16.0",
"product_id": "openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
},
"product_reference": "chromium-142.0.7444.59-bp160.1.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 16.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12725"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12725",
"url": "https://www.suse.com/security/cve/CVE-2025-12725"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12725",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-10T17:22:06Z",
"details": "important"
}
],
"title": "CVE-2025-12725"
},
{
"cve": "CVE-2025-12726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12726"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12726",
"url": "https://www.suse.com/security/cve/CVE-2025-12726"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12726",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-10T17:22:06Z",
"details": "important"
}
],
"title": "CVE-2025-12726"
},
{
"cve": "CVE-2025-12727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12727"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12727",
"url": "https://www.suse.com/security/cve/CVE-2025-12727"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12727",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-10T17:22:06Z",
"details": "important"
}
],
"title": "CVE-2025-12727"
},
{
"cve": "CVE-2025-12728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12728"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12728",
"url": "https://www.suse.com/security/cve/CVE-2025-12728"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12728",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-10T17:22:06Z",
"details": "important"
}
],
"title": "CVE-2025-12728"
},
{
"cve": "CVE-2025-12729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12729"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12729",
"url": "https://www.suse.com/security/cve/CVE-2025-12729"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12729",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromedriver-142.0.7444.59-bp160.1.1.x86_64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.aarch64",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.ppc64le",
"openSUSE Leap 16.0:chromium-142.0.7444.59-bp160.1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-10T17:22:06Z",
"details": "important"
}
],
"title": "CVE-2025-12729"
}
]
}
OPENSUSE-SU-2025:15720-1
Vulnerability from csaf_opensuse - Published: 2025-11-08 00:00 - Updated: 2025-11-08 00:00Summary
chromedriver-142.0.7444.134-1.1 on GA media
Notes
Title of the patch
chromedriver-142.0.7444.134-1.1 on GA media
Description of the patch
These are all security issues fixed in the chromedriver-142.0.7444.134-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2025-15720
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "chromedriver-142.0.7444.134-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the chromedriver-142.0.7444.134-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15720",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15720-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-12729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-12729/"
}
],
"title": "chromedriver-142.0.7444.134-1.1 on GA media",
"tracking": {
"current_release_date": "2025-11-08T00:00:00Z",
"generator": {
"date": "2025-11-08T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15720-1",
"initial_release_date": "2025-11-08T00:00:00Z",
"revision_history": [
{
"date": "2025-11-08T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-142.0.7444.134-1.1.aarch64",
"product": {
"name": "chromedriver-142.0.7444.134-1.1.aarch64",
"product_id": "chromedriver-142.0.7444.134-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "chromium-142.0.7444.134-1.1.aarch64",
"product": {
"name": "chromium-142.0.7444.134-1.1.aarch64",
"product_id": "chromium-142.0.7444.134-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-142.0.7444.134-1.1.ppc64le",
"product": {
"name": "chromedriver-142.0.7444.134-1.1.ppc64le",
"product_id": "chromedriver-142.0.7444.134-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "chromium-142.0.7444.134-1.1.ppc64le",
"product": {
"name": "chromium-142.0.7444.134-1.1.ppc64le",
"product_id": "chromium-142.0.7444.134-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-142.0.7444.134-1.1.s390x",
"product": {
"name": "chromedriver-142.0.7444.134-1.1.s390x",
"product_id": "chromedriver-142.0.7444.134-1.1.s390x"
}
},
{
"category": "product_version",
"name": "chromium-142.0.7444.134-1.1.s390x",
"product": {
"name": "chromium-142.0.7444.134-1.1.s390x",
"product_id": "chromium-142.0.7444.134-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "chromedriver-142.0.7444.134-1.1.x86_64",
"product": {
"name": "chromedriver-142.0.7444.134-1.1.x86_64",
"product_id": "chromedriver-142.0.7444.134-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "chromium-142.0.7444.134-1.1.x86_64",
"product": {
"name": "chromium-142.0.7444.134-1.1.x86_64",
"product_id": "chromium-142.0.7444.134-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-142.0.7444.134-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64"
},
"product_reference": "chromedriver-142.0.7444.134-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-142.0.7444.134-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le"
},
"product_reference": "chromedriver-142.0.7444.134-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-142.0.7444.134-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x"
},
"product_reference": "chromedriver-142.0.7444.134-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromedriver-142.0.7444.134-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64"
},
"product_reference": "chromedriver-142.0.7444.134-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-142.0.7444.134-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64"
},
"product_reference": "chromium-142.0.7444.134-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-142.0.7444.134-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le"
},
"product_reference": "chromium-142.0.7444.134-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-142.0.7444.134-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x"
},
"product_reference": "chromium-142.0.7444.134-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "chromium-142.0.7444.134-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
},
"product_reference": "chromium-142.0.7444.134-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12725"
}
],
"notes": [
{
"category": "general",
"text": "Out of bounds read in WebGPU in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12725",
"url": "https://www.suse.com/security/cve/CVE-2025-12725"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12725",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-12725"
},
{
"cve": "CVE-2025-12726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12726"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12726",
"url": "https://www.suse.com/security/cve/CVE-2025-12726"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12726",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-12726"
},
{
"cve": "CVE-2025-12727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12727"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12727",
"url": "https://www.suse.com/security/cve/CVE-2025-12727"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12727",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-12727"
},
{
"cve": "CVE-2025-12728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12728"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12728",
"url": "https://www.suse.com/security/cve/CVE-2025-12728"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12728",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-12728"
},
{
"cve": "CVE-2025-12729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-12729"
}
],
"notes": [
{
"category": "general",
"text": "Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-12729",
"url": "https://www.suse.com/security/cve/CVE-2025-12729"
},
{
"category": "external",
"summary": "SUSE Bug 1253089 for CVE-2025-12729",
"url": "https://bugzilla.suse.com/1253089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromedriver-142.0.7444.134-1.1.x86_64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.aarch64",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.ppc64le",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.s390x",
"openSUSE Tumbleweed:chromium-142.0.7444.134-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-11-08T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-12729"
}
]
}
CERTFR-2025-AVI-0976
Vulnerability from certfr_avis - Published: 2025-11-07 - Updated: 2025-11-07
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 142.0.3595.65",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
}
],
"initial_release_date": "2025-11-07T00:00:00",
"last_revision_date": "2025-11-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0976",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12726",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12726"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12727"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12725",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12725"
}
]
}
CERTFR-2025-AVI-0976
Vulnerability from certfr_avis - Published: 2025-11-07 - Updated: 2025-11-07
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Edge versions ant\u00e9rieures \u00e0 142.0.3595.65",
"product": {
"name": "Edge",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
}
],
"initial_release_date": "2025-11-07T00:00:00",
"last_revision_date": "2025-11-07T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0976",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Microsoft Edge. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
"vendor_advisories": [
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12726",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12726"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12727",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12727"
},
{
"published_at": "2025-11-06",
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft Edge CVE-2025-12725",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-12725"
}
]
}
CERTFR-2025-AVI-0973
Vulnerability from certfr_avis - Published: 2025-11-06 - Updated: 2025-11-06
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome versions ant\u00e9rieures \u00e0 142.0.7444.134/.135 pour Windows",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Chrome versions ant\u00e9rieures \u00e0 142.0.7444.134 pour Linux",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Chrome versions ant\u00e9rieures \u00e0 142.0.7444.135 pour Mac",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2025-12729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12729"
},
{
"name": "CVE-2025-12728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12728"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0973",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome",
"url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html"
}
]
}
CERTFR-2025-AVI-0973
Vulnerability from certfr_avis - Published: 2025-11-06 - Updated: 2025-11-06
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Chrome versions ant\u00e9rieures \u00e0 142.0.7444.134/.135 pour Windows",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Chrome versions ant\u00e9rieures \u00e0 142.0.7444.134 pour Linux",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
},
{
"description": "Chrome versions ant\u00e9rieures \u00e0 142.0.7444.135 pour Mac",
"product": {
"name": "Chrome",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2025-12726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12726"
},
{
"name": "CVE-2025-12725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12725"
},
{
"name": "CVE-2025-12729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12729"
},
{
"name": "CVE-2025-12728",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12728"
},
{
"name": "CVE-2025-12727",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12727"
}
],
"initial_release_date": "2025-11-06T00:00:00",
"last_revision_date": "2025-11-06T00:00:00",
"links": [],
"reference": "CERTFR-2025-AVI-0973",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-11-06T00:00:00.000000"
}
],
"risks": [
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Chrome. Elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Chrome",
"vendor_advisories": [
{
"published_at": "2025-11-05",
"title": "Bulletin de s\u00e9curit\u00e9 Google Chrome",
"url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html"
}
]
}
GHSA-C39C-9W23-7VMG
Vulnerability from github – Published: 2025-11-10 21:30 – Updated: 2025-11-12 18:31
VLAI?
Details
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Severity ?
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2025-12727"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-10T20:15:39Z",
"severity": "HIGH"
},
"details": "Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)",
"id": "GHSA-c39c-9w23-7vmg",
"modified": "2025-11-12T18:31:14Z",
"published": "2025-11-10T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12727"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://issues.chromium.org/issues/454485895"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
WID-SEC-W-2025-2491
Vulnerability from csaf_certbund - Published: 2025-11-05 23:00 - Updated: 2025-11-24 23:00Summary
Google Chrome/Microsoft Edge: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Chrome ist ein Internet-Browser von Google.
Edge ist ein Internet-Browser von Microsoft.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Google Chrome/Microsoft Edge ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen, möglicherweise beliebigen Code auszuführen, Speicherbeschädigungen zu verursachen oder einen Denial-of-Service-Zustand auszulösen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Chrome ist ein Internet-Browser von Google.\r\nEdge ist ein Internet-Browser von Microsoft.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Google Chrome/Microsoft Edge ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren, m\u00f6glicherweise beliebigen Code auszuf\u00fchren, Speicherbesch\u00e4digungen zu verursachen oder einen Denial-of-Service-Zustand auszul\u00f6sen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- MacOS X\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2491 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2491.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2491 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2491"
},
{
"category": "external",
"summary": "Google Chrome Stable Channel Update vom 2025-11-05",
"url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html"
},
{
"category": "external",
"summary": "Release notes for Microsoft Edge Security Updates vom 2025-11-06",
"url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#november-6-2025"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-6050 vom 2025-11-07",
"url": "https://lists.debian.org/debian-security-announce/2025/msg00216.html"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-35C67D93F9 vom 2025-11-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-35c67d93f9"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-97961060E1 vom 2025-11-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-97961060e1"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0423-1 vom 2025-11-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ZKCKFXTI2ISHIRHFN2PZWMQDP3HK7NE5/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-671D7AA1BA vom 2025-11-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-671d7aa1ba"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2025:0422-1 vom 2025-11-08",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CRGDLCLMKGN5QYLKKQMZG5EF6MCN4WEB/"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-EPEL-2025-BCF0AEE791 vom 2025-11-08",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2025-bcf0aee791"
},
{
"category": "external",
"summary": "Release notes for Microsoft Edge Security Updates vom 2025-11-10",
"url": "https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#november-10-2025"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-604E02CA72 vom 2025-11-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-604e02ca72"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2025-58193E3850 vom 2025-11-17",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2025-58193e3850"
},
{
"category": "external",
"summary": "IGEL Security Notice ISN-2025-50 vom 2025-11-24",
"url": "https://kb.igel.com/en/security-safety/current/isn-2025-50-chromium-vulnerability-exploited-in-th"
}
],
"source_lang": "en-US",
"title": "Google Chrome/Microsoft Edge: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2025-11-24T23:00:00.000+00:00",
"generator": {
"date": "2025-11-25T08:42:59.624+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2025-2491",
"initial_release_date": "2025-11-05T23:00:00.000+00:00",
"revision_history": [
{
"date": "2025-11-05T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2025-11-06T23:00:00.000+00:00",
"number": "2",
"summary": "Edge Update aufgenommen"
},
{
"date": "2025-11-09T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora und openSUSE aufgenommen"
},
{
"date": "2025-11-10T23:00:00.000+00:00",
"number": "4",
"summary": "weiteres Edge Update aufgenommen"
},
{
"date": "2025-11-16T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Fedora aufgenommen"
},
{
"date": "2025-11-24T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IGEL aufgenommen"
}
],
"status": "final",
"version": "6"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Windows \u003c142.0.7444.134/.135",
"product": {
"name": "Google Chrome Windows \u003c142.0.7444.134/.135",
"product_id": "T048319"
}
},
{
"category": "product_version",
"name": "Windows 142.0.7444.134/.135",
"product": {
"name": "Google Chrome Windows 142.0.7444.134/.135",
"product_id": "T048319-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:windows__142.0.7444.134.135"
}
}
},
{
"category": "product_version_range",
"name": "Mac \u003c142.0.7444.135",
"product": {
"name": "Google Chrome Mac \u003c142.0.7444.135",
"product_id": "T048320"
}
},
{
"category": "product_version",
"name": "Mac 142.0.7444.135",
"product": {
"name": "Google Chrome Mac 142.0.7444.135",
"product_id": "T048320-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:mac__142.0.7444.135"
}
}
},
{
"category": "product_version_range",
"name": "Linux \u003c142.0.7444.134",
"product": {
"name": "Google Chrome Linux \u003c142.0.7444.134",
"product_id": "T048321"
}
},
{
"category": "product_version",
"name": "Linux 142.0.7444.134",
"product": {
"name": "Google Chrome Linux 142.0.7444.134",
"product_id": "T048321-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:google:chrome:linux__142.0.7444.134"
}
}
}
],
"category": "product_name",
"name": "Chrome"
}
],
"category": "vendor",
"name": "Google"
},
{
"branches": [
{
"category": "product_name",
"name": "IGEL OS",
"product": {
"name": "IGEL OS",
"product_id": "T017865",
"product_identification_helper": {
"cpe": "cpe:/o:igel:os:-"
}
}
}
],
"category": "vendor",
"name": "IGEL"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c142.0.3595.65",
"product": {
"name": "Microsoft Edge \u003c142.0.3595.65",
"product_id": "T048359"
}
},
{
"category": "product_version",
"name": "142.0.3595.65",
"product": {
"name": "Microsoft Edge 142.0.3595.65",
"product_id": "T048359-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:142.0.3595.65"
}
}
},
{
"category": "product_version_range",
"name": "\u003c142.0.3595.66",
"product": {
"name": "Microsoft Edge \u003c142.0.3595.66",
"product_id": "T048396"
}
},
{
"category": "product_version",
"name": "142.0.3595.66",
"product": {
"name": "Microsoft Edge 142.0.3595.66",
"product_id": "T048396-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:microsoft:edge:142.0.3595.66"
}
}
}
],
"category": "product_name",
"name": "Edge"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-12725",
"product_status": {
"known_affected": [
"T048319",
"2951",
"T017865",
"T027843",
"T048321",
"T048320",
"T048396",
"T048359",
"74185"
]
},
"release_date": "2025-11-05T23:00:00.000+00:00",
"title": "CVE-2025-12725"
},
{
"cve": "CVE-2025-12726",
"product_status": {
"known_affected": [
"T048319",
"2951",
"T017865",
"T027843",
"T048321",
"T048320",
"T048396",
"T048359",
"74185"
]
},
"release_date": "2025-11-05T23:00:00.000+00:00",
"title": "CVE-2025-12726"
},
{
"cve": "CVE-2025-12727",
"product_status": {
"known_affected": [
"T048319",
"2951",
"T017865",
"T027843",
"T048321",
"T048320",
"T048396",
"T048359",
"74185"
]
},
"release_date": "2025-11-05T23:00:00.000+00:00",
"title": "CVE-2025-12727"
},
{
"cve": "CVE-2025-12728",
"product_status": {
"known_affected": [
"T048319",
"2951",
"T017865",
"T027843",
"T048321",
"T048320",
"T048396",
"T048359",
"74185"
]
},
"release_date": "2025-11-05T23:00:00.000+00:00",
"title": "CVE-2025-12728"
},
{
"cve": "CVE-2025-12729",
"product_status": {
"known_affected": [
"T048319",
"2951",
"T017865",
"T027843",
"T048321",
"T048320",
"T048396",
"T048359",
"74185"
]
},
"release_date": "2025-11-05T23:00:00.000+00:00",
"title": "CVE-2025-12729"
}
]
}
FKIE_CVE-2025-12727
Vulnerability from fkie_nvd - Published: 2025-11-10 20:15 - Updated: 2025-11-25 14:53
Severity ?
Summary
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
References
| URL | Tags | ||
|---|---|---|---|
| chrome-cve-admin@google.com | https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html | Release Notes, Vendor Advisory | |
| chrome-cve-admin@google.com | https://issues.chromium.org/issues/454485895 | Issue Tracking, Permissions Required |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3907D2C-FD39-49C9-B6D2-AF6A29921831",
"versionEndExcluding": "142.0.7444.134",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E1456F40-81F4-4166-A327-35AD53E2A36A",
"versionEndExcluding": "142.0.7444.135",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"id": "CVE-2025-12727",
"lastModified": "2025-11-25T14:53:03.100",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2025-11-10T20:15:39.833",
"references": [
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop.html"
},
{
"source": "chrome-cve-admin@google.com",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://issues.chromium.org/issues/454485895"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…