Chromium: CVE-2025-1917 Inappropriate Implementation in Browser UI

Chromium: CVE-2025-1916 Use after free in Profiles

Chromium: CVE-2025-1915 Improper Limitation of a Pathname to a Restricted Directory in DevTools

Chromium: CVE-2025-1914 Out of bounds read in V8

Stream HTTP wrapper truncates redirect location to 1024 bytes

Mishandling of comma during folding and unicode-encoding of email headers

This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.

Stream HTTP wrapper header check might omit basic auth header

pgsql extension does not check for errors during escaping

Streams HTTP wrapper does not fail for headers with invalid name and no colon

libarchive bsdunzip.c list null pointer dereference

Arbitrary Code Execution via Crafted Keras Config for Model Loading

arrayLimit bypass in bracket notation allows DoS via memory exhaustion

Chromium: CVE-2025-14766 Use after free in WebGPU

Chromium: CVE-2025-14765 Out of bounds read and write in V8

Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)

Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow

Chromium: CVE-2025-14373 Inappropriate implementation in Toolbar

Chromium: CVE-2025-14372 Use after free in Password Manager