VuXML: chromium -- multiple security fixes

VuXML ID	7c09fcb7-b5d6-11f0-b3f7-a8a1599412c6
Discovery	2025-10-29
Entry	2025-10-30

Chrome Releases reports:

This update includes 20 security fixes:

[447613211] High CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2025-09-26

[450618029] High CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang on 2025-10-10

[442860743] High CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about on 2025-09-04

[436887350] High CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2025-08-06

[439522866] High CVE-2025-12432: Race in V8. Reported by Google Big Sleep on 2025-08-18

[449760249] High CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep on 2025-10-07

[452296415] High CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep on 2025-10-15

[337356054] Medium CVE-2025-12434: Race in Storage. Reported by Lijo A.T on 2024-04-27

[446463993] Medium CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh on 2025-09-21

[40054742] Medium CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_) on 2021-02-08

[446294487] Medium CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq on 2025-09-20

[433027577] Medium CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab on 2025-07-20

[382234536] Medium CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick on 2024-12-04

[430555440] Low CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani on 2025-07-09

[444049512] Medium CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep on 2025-09-10

[452071845] Medium CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research on 2025-10-15

[390571618] Low CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf on 2025-01-18

[428397712] Low CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner on 2025-06-29

[444932667] Low CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh on 2025-09-14

[442636157] Low CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani on 2025-09-03

[source]

CVE Name	CVE-2025-12036
CVE Name	CVE-2025-12428
CVE Name	CVE-2025-12429
CVE Name	CVE-2025-12430
CVE Name	CVE-2025-12431
CVE Name	CVE-2025-12432
CVE Name	CVE-2025-12433
CVE Name	CVE-2025-12434
CVE Name	CVE-2025-12435
CVE Name	CVE-2025-12436
CVE Name	CVE-2025-12437
CVE Name	CVE-2025-12438
CVE Name	CVE-2025-12439
CVE Name	CVE-2025-12440
CVE Name	CVE-2025-12441
CVE Name	CVE-2025-12443
CVE Name	CVE-2025-12444
CVE Name	CVE-2025-12445
CVE Name	CVE-2025-12446
CVE Name	CVE-2025-12447
URL	https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-desktop_28.html

chromium -- multiple security fixes

Details

References