Function Call with Incorrectly Specified Arguments Affecting chromium package, versions [,136.0.7103.113)

Q: How to fix?

Upgrade chromium to version 136.0.7103.113 or higher.

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-UNMANAGED-CHROMIUM-10245169
published25 May 2025
disclosed21 May 2025
creditMicky

Report a new vulnerability Found a mistake?

Introduced: 21 May 2025

CVE-2025-4609 (opens in a new tab) CWE-628 (opens in a new tab)

How to fix?

Upgrade chromium to version 136.0.7103.113 or higher.

Overview

Affected versions of this package are vulnerable to Function Call with Incorrectly Specified Arguments via an incorrect handle provided in unspecified circumstances in Mojo. An attacker can reflect a broker-initiated transport back to a broker, which ultimately allows for handle leaks if the reflected transport is later used to deserialize another transport containing handles.

References

CVSS Base Scores

version 4.0

version 3.1

Attack Vector (AV)
Network
Attack Complexity (AC)
High
Attack Requirements (AT)
None
Privileges Required (PR)
None
User Interaction (UI)
Passive

Confidentiality (VC)
High
Integrity (VI)
High
Availability (VA)
High

Confidentiality (SC)
None
Integrity (SI)
None
Availability (SA)
None