Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-0906
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 2 months ago by @LeSuisse Activity log
  • Created automatic suggestion 2 months ago
  • @LeSuisse removed
    25 packages
    • chromedriver
    • netflix
    • mkchromecast
    • chrome-export
    • go-chromecast
    • google-chrome
    • chrome-token-signing
    • chrome-pak-customizer
    • curl-impersonate-chrome
    • undetected-chromedriver
    • electron-chromedriver_33
    • grafanaPlugins.ventura-psychrometric-panel
    • python313Packages.undetected-chromedriver
    • python312Packages.undetected-chromedriver
    • python313Packages.pychromecast
    • python312Packages.pychromecast
    • noto-fonts-monochrome-emoji
    • ocamlPackages.chrome-trace
    • xorg.xf86videoopenchrome
    • electron-chromedriver_39
    • electron-chromedriver_38
    • electron-chromedriver_37
    • electron-chromedriver_36
    • electron-chromedriver_35
    • electron-chromedriver_34
    2 months ago
  • @LeSuisse dismissed 2 months ago
Incorrect security UI in Google Chrome on Android prior to …

Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

References

Affected products

Chrome
  • <144.0.7559.59 
Seem to only impact Chrome on Android (and it's already upgrade in nixpkgs)