git: 1c919c5a3481 - main - security/vuxml: add www/*chromium < 137.0.7151.103
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 17 Jun 2025 07:02:04 UTC
The branch main has been updated by rnagy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=1c919c5a3481ac9e7d8e49998c01f910f80f7b81
commit 1c919c5a3481ac9e7d8e49998c01f910f80f7b81
Author: Robert Nagy <rnagy@FreeBSD.org>
AuthorDate: 2025-06-17 07:01:26 +0000
Commit: Robert Nagy <rnagy@FreeBSD.org>
CommitDate: 2025-06-17 07:01:26 +0000
security/vuxml: add www/*chromium < 137.0.7151.103
Obtained from: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html
Obtained from: https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html
---
security/vuxml/vuln/2025.xml | 70 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 70 insertions(+)
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index bb00d86afdcc..db1a3573d054 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,73 @@
+ <vuln vid="e3d6d485-c93c-4ada-90b3-09f1c454fb8a">
+ <topic>chromium -- multiple security fixes</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>137.0.7151.103</lt></range>
+ </package>
+ <package>
+ <name>ungoogled-chromium</name>
+ <range><lt>137.0.7151.103</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html">
+ <p>This update includes 2 security fixes:</p>
+ <ul>
+ <li>[$8000][420150619] High CVE-2025-5958: Use after free in Media. Reported by Huang Xilin of Ant Group Light-Year Security Lab on 2025-05-25</li>
+ <li>[NA][422313191] High CVE-2025-5959: Type Confusion in V8. Reported by Seunghyun Lee as part of TyphoonPWN 2025 on 2025-06-04</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-5958</cvename>
+ <cvename>CVE-2025-5959</cvename>
+ <url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_10.html</url>
+ </references>
+ <dates>
+ <discovery>2025-06-10</discovery>
+ <entry>2025-06-17</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="4323e86c-2422-4fd7-8c8f-ec71c81ea7dd">
+ <topic>chromium -- multiple security fixes</topic>
+ <affects>
+ <package>
+ <name>chromium</name>
+ <range><lt>137.0.7151.68</lt></range>
+ </package>
+ <package>
+ <name>ungoogled-chromium</name>
+ <range><lt>137.0.7151.68</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Chrome Releases reports:</p>
+ <blockquote cite="https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html">
+ <p>This update includes 3 security fixes:</p>
+ <ul>
+ <li>[420636529] High CVE-2025-5419: Out of bounds read and write in V8. Reported by Clement Lecigne and BenoƮt Sevens of Google Threat Analysis Group on 2025-05-27. This issue was mitigated on 2025-05-28 by a configuration change pushed out to Stable across all Chrome platforms.</li>
+ <li>[409059706] Medium CVE-2025-5068: Use after free in Blink. Reported by Walkman on 2025-04-07</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-5419</cvename>
+ <cvename>CVE-2025-5068</cvename>
+ <url>https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html</url>
+ </references>
+ <dates>
+ <discovery>2025-06-02</discovery>
+ <entry>2025-06-17</entry>
+ </dates>
+ </vuln>
+
<vuln vid="201cccc1-4a01-11f0-b0f8-b42e991fc52e">
<topic>Mozilla -- control access bypass</topic>
<affects>