Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2026-5288 | CRITICAL | CVSS 9.6 | fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm) | 2026
Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.

CVE-2026-3916 | CRITICAL | CVSS 9.6 | fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm) | 2026
Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.71-1); sid: resolved (fixed in 146.0.7680.71-1)

CVE-2026-5874 | CRITICAL | CVSS 9.6 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-0906 | CRITICAL | CVSS 9.8 | fixed in chromium 144.0.7559.59-1~deb12u1 (bookworm) | 2026
Incorrect security UI in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 144.0.7559.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 144.0.7559.59-1); sid: resolved (fixed in 144.0.7559.

CVE-2026-0905 | CRITICAL | CVSS 9.8 | fixed in chromium 144.0.7559.59-1~deb12u1 (bookworm) | 2026
Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attacker who obtained a network log file to potentially obtain potentially sensitive information via a network log file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 144.0.7559.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 144.0.7

CVE-2026-5290 | CRITICAL | CVSS 9.6 | fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm) | 2026
Use after free in Compositing in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.177-1)

CVE-2026-3062 | CRITICAL | CVSS 9.8 | fixed in chromium 145.0.7632.116-1~deb12u1 (bookworm) | 2026
Out of bounds read and write in Tint in Google Chrome on Mac prior to 145.0.7632.116 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.116-1~deb12u1); bullseye: open; forky: resolved (fixed in 145.0.7632.116-1); sid: resolved (fixed in 145.

CVE-2026-3061 | CRITICAL | CVSS 9.1 | fixed in chromium 145.0.7632.116-1~deb12u1 (bookworm) | 2026
Out of bounds read in Media in Google Chrome prior to 145.0.7632.116 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.116-1~deb12u1); bullseye: open; forky: resolved (fixed in 145.0.7632.116-1); sid: resolved (fixed in 145.0.7632.116-1); t

CVE-2026-5902 | CRITICAL | CVSS 9.8 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-0907 | CRITICAL | CVSS 9.8 | fixed in chromium 144.0.7559.59-1~deb12u1 (bookworm) | 2026
Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 144.0.7559.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 144.0.7559.59-1); sid: resolved (fixed in 144.0.7559.59-1); trixie: resolve

CVE-2026-5289 | CRITICAL | CVSS 9.6 | fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm) | 2026
Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.177-1); s

CVE-2026-3545 | CRITICAL | CVSS 9.6 | fixed in chromium 145.0.7632.159-1~deb12u1 (bookworm) | 2026
Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.159-1~deb12u1); bullseye: open; forky: resolved (fixed in 145.0.7632.159-1); sid: resolved (fixed in 145.

CVE-2026-5286 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm) | 2026
Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.177-1); sid: resolved (fixed in 146.0.7680.177-1); trixie: resolved (fixed

CVE-2026-4676 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.164-1~deb12u1 (bookworm) | 2026
Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.164-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.164-1); sid: resolved (fixed in 146.0.7680.164-1); trixie: re

CVE-2026-3909 | HIGH | CVSS 8.8 | KEV | fixed in chromium 146.0.7680.80-1~deb12u1 (bookworm) | 2026
Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.80-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.80-1); sid: resolved (fixed in 146.0.7680.80-1); trixie: re

CVE-2026-4673 | HIGH | CVSS 8.8 | fixed in chromium 146.0.7680.164-1~deb12u1 (bookworm) | 2026
Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.164-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.164-1); sid: resolved (fixed in 146.0.7680.164-1)

CVE-2026-5879 | HIGH | CVSS 8.8 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-5862 | HIGH | CVSS 8.8 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-5877 | HIGH | CVSS 8.8 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-5908 | HIGH | CVSS 8.8 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open