Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
CVE-2026-5905 [MEDIUM] CVSS 6.5 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-3929 [LOW] CVSS 3.1 | fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm) | 2026
Side-channel information leakage in ResourceTiming in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1)
bullseye: open
forky: resolved (fixed in 146.0.7680.71-1)
sid: resolved (fixed in 146.0.7680.71-1)
debian
CVE-2026-5869 [LOW] CVSS 3.1 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-5867 [LOW] CVSS 3.1 | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-5894 [UNKNOWN] | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-5892 [UNKNOWN] | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-1220 [UNKNOWN] | fixed in chromium 144.0.7559.96-1~deb12u1 (bookworm) | 2026
bookworm: resolved (fixed in 144.0.7559.96-1~deb12u1)
bullseye: open
forky: resolved (fixed in 144.0.7559.96-1)
sid: resolved (fixed in 144.0.7559.96-1)
trixie: resolved (fixed in 144.0.7559.96-1~deb13u1)
debian
CVE-2026-5883 [UNKNOWN] | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2026-5890 [UNKNOWN] | fixed in chromium 147.0.7727.55-1 (sid) | 2026
Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: resolved (fixed in 147.0.7727.55-1)
trixie: open
debian
CVE-2025-4052 [CRITICAL] CVSS 9.8 | fixed in chromium 136.0.7103.59-2~deb12u2 (bookworm) | 2025
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 136.0.7103.59-2~deb12u2)
bullseye: open
forky: resolved (fixed
debian
CVE-2025-10890 [CRITICAL] CVSS 9.1 | fixed in chromium 140.0.7339.207-1~deb12u1 (bookworm) | 2025
Side-channel information leakage in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 140.0.7339.207-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.207-1)
sid: resolved (fixed in 140.0.7339.207-1)
tr
debian
CVE-2025-4609 [CRITICAL] CVSS 9.6 | fixed in chromium 136.0.7103.113-1~deb12u1 (bookworm) | 2025
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 136.0.7103.113-1~deb12u1)
bullseye: open
forky: resolved (fixed in 136.0.7103.113-1)
debian
CVE-2025-10585 [CRITICAL] CVSS 9.8 | KEV | fixed in chromium 140.0.7339.185-1~deb12u1 (bookworm) | 2025
Type confusion in V8 in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 140.0.7339.185-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.185-1)
sid: resolved (fixed in 140.0.7339.185-1)
trixie:
debian
CVE-2025-24201 [CRITICAL] CVSS 10.0 | KEV | fixed in chromium 134.0.6998.88-1~deb12u1 (bookworm) | 2025
An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in Safari 18.3.1, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.2 and iPadOS 18.3.2, iPadOS 17.7.6, macOS Sequoia 15.3.2, visionOS 2.3.2, watchOS 11.4. Maliciously crafted web content may be able to break out of Web Conte
debian
CVE-2025-10892 [HIGH] CVSS 8.8 | fixed in chromium 140.0.7339.207-1~deb12u1 (bookworm) | 2025
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 140.0.7339.207-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.207-1)
sid: resolved (fixed in 140.0.7339.207-1)
trixie: r
debian
CVE-2025-7656 [HIGH] CVSS 8.8 | fixed in chromium 138.0.7204.157-1~deb12u1 (bookworm) | 2025
Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 138.0.7204.157-1~deb12u1)
bullseye: open
forky: resolved (fixed in 138.0.7204.157-1)
sid: resolved (fixed in 138.0.7204.157-1)
trixie: res
debian
CVE-2025-4372 [HIGH] CVSS 8.8 | fixed in chromium 136.0.7103.92-1~deb12u1 (bookworm) | 2025
Use after free in WebAudio in Google Chrome prior to 136.0.7103.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 136.0.7103.92-1~deb12u1)
bullseye: open
forky: resolved (fixed in 136.0.7103.92-1)
sid: resolved (fixed in 136.0.7103.92-1)
trixie: r
debian
CVE-2025-10891 [HIGH] CVSS 8.8 | fixed in chromium 140.0.7339.207-1~deb12u1 (bookworm) | 2025
Integer overflow in V8 in Google Chrome prior to 140.0.7339.207 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 140.0.7339.207-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.207-1)
sid: resolved (fixed in 140.0.7339.207-1)
trixie: r
debian
CVE-2025-2135 [HIGH] CVSS 8.8 | fixed in chromium 134.0.6998.88-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 134.0.6998.88-1~deb12u1)
bullseye: open
forky: resolved (fixed in 134.0.6998.88-1)
sid: resolved (fixed in 134.0.6998.88-1)
trixie: resolved
debian
CVE-2025-1916 [HIGH] CVSS 8.8 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Use after free in Profiles in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1)
bullseye: open
forky: resolved (fixed in 134.0.6998.35-1)
si
debian