Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN708
_____________________________________________________________________

DATE                : 16/10/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): ChromeOS versions prior to 16404.45.0 (Browser
                                version 141.0.7390.115).

=====================================================================
https://chromereleases.googleblog.com/2025/10/stable-channel-update-for-chromeos_15.html
_____________________________________________________________________


Stable Channel Update for ChromeOS / ChromeOS Flex
Wednesday, October 15, 2025

M-141, ChromeOS version 16404.45.0 (Browser version 141.0.7390.115)
has rolled out to ChromeOS devices on the Stable channel. 

If you find new issues, please let us know one of the following ways:

    File a bug

    Visit our ChromeOS communities

        General: Chromebook Help Community

        Beta Specific: ChromeOS Beta Help Community

    Report an issue or send feedback on Chrome

    Interested in switching channels? Find out how.


Security Fixes and Rewards
Other 3rd Party Security Fixes Included:

High Fixes  CVE-2025-54957 Integer Overflow leading to a
Denial-of-Service (DoS) via a malicious media file.


Android Security fixes can be found here

Chrome Browser Security Fixes:

[$4000.0] [444755026] High CVE-2025-11206 Heap buffer overflow in
Video. Reported by Elias Hohl on 2025-09-12 2025-09-12 

[$25000.0] [442444724] High CVE-2025-11205 Heap buffer overflow in
WebGPU. Reported by Atte Kettunen of OUSPG on 2025-09-02

[$3000.0] [440523110] Medium CVE-2025-11210 Side-channel
information leakage in Tab. Reported by Umar Farooq  on 2025-08-22

[$TBD] [439772737] Low CVE-2025-11219 Use after free in V8.
Reported by Google Big Sleep on 2025-08-19

[$TBD] [439758498] Medium CVE-2025-11215 Off by one error in V8.
Reported by Google Big Sleep on 2025-08-19 

[$5000.0] [428189824] Medium CVE-2025-11207 Side-channel
information leakage in Storage. Reported by Alesandro Ortiz
on 2025-06-27

[$3000.0] [397878997] Medium CVE-2025-11208 Inappropriate
implementation in Media. Reported by Kevin Joensen on 2025-02-20

[$35000.0] [446722008] High CVE-2025-11460 Use after free in
Storage. Reported by Sombra on 2025-09-23

[$5000.0] [443196747] High CVE-2025-11458 Heap buffer overflow
in Sync. Reported by raven at KunLun lab on 2025-09-05

[$7000.0] [447192722] High CVE-2025-11756 Use after free in
Safe Browsing. Reported by asnine on 2025-09-25

Andy Wu

Google ChromeOS


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================