Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 100 of 109
CVE-2019-5829 | HIGH | CVSS 8.8 | fixed in chromium 75.0.3770.80-1 (bookworm) | 2019
Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 75.0.3770.80-1)
bullseye: resolved (fixed in 75.0.3770.80-1)
forky: resolved (fixed in 75.0.3770.80-1)
sid: resolved (fixed in 75.0.3770.80-1)
trixie
debian
CVE-2019-13688 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Use after free in Blink in Google Chrome prior to 77.0.3865.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1)
bullseye: resolved (fixed in 78.0.3904.87-1)
forky: resolved (fixed in 78.0.3904.87-1)
sid: resolved (fixed in 78.0.3904.87-1)
trixie: resolved (fixed in 78
debian
CVE-2019-5792 | HIGH | CVSS 8.8 | fixed in chromium 73.0.3683.75-1 (bookworm) | 2019
Integer overflow in PDFium in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1)
bullseye: resolved (fixed in 73.0.3683.75-1)
forky: resolved (fixed in 73.0.3683.75-1)
sid: resolved (fixed in 73.0.3683.75-1)
trixie: resolved
debian
CVE-2019-13692 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Insufficient policy enforcement in reader mode in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass site isolation via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1)
bullseye: resolved (fixed in 78.0.3904.87-1)
forky: resolved (fixed in 78.0.3904.87-1)
sid: resolved (fixed in 78.0.3904.87-1)
trixie: resolved (fi
debian
CVE-2019-13728 | HIGH | CVSS 8.8 | fixed in chromium 79.0.3945.79-1 (bookworm) | 2019
Out of bounds write in JavaScript in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 79.0.3945.79-1)
bullseye: resolved (fixed in 79.0.3945.79-1)
forky: resolved (fixed in 79.0.3945.79-1)
sid: resolved (fixed in 79.0.3945.79-1)
trixie: resolved (f
debian
CVE-2019-19925 | HIGH | CVSS 7.5 | fixed in chromium 80.0.3987.106-1 (bookworm) | 2019
zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles a NULL pathname during an update of a ZIP archive.
Scope: local
bookworm: resolved (fixed in 80.0.3987.106-1)
bullseye: resolved (fixed in 80.0.3987.106-1)
forky: resolved (fixed in 80.0.3987.106-1)
sid: resolved (fixed in 80.0.3987.106-1)
trixie: resolved (fixed in 80.0.3987.106-1)
debian
CVE-2019-13700 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Out of bounds memory access in the gamepad API in Google Chrome prior to 78.0.3904.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1)
bullseye: resolved (fixed in 78.0.3904.87-1)
forky: resolved (fixed in 78.0.3904.87-1)
sid:
debian
CVE-2019-13736 | HIGH | CVSS 8.8 | fixed in chromium 79.0.3945.79-1 (bookworm) | 2019
Integer overflow in PDFium in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 79.0.3945.79-1)
bullseye: resolved (fixed in 79.0.3945.79-1)
forky: resolved (fixed in 79.0.3945.79-1)
sid: resolved (fixed in 79.0.3945.79-1)
trixie: resolved (fixed in
debian
CVE-2019-5757 | HIGH | CVSS 8.8 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
An incorrect object type assumption in SVG in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1)
bullseye: resolved (fixed in 72.0.3626.81-1)
forky: resolved (fixed in 72.0.3626.81-1)
sid: resolved (fixed in 72.0.3626.81-1)
trixie: re
debian
CVE-2019-5780 | HIGH | CVSS 7.8 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
Insufficient restrictions on what can be done with Apple Events in Google Chrome on macOS prior to 72.0.3626.81 allowed a local attacker to execute JavaScript via Apple Events.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1)
bullseye: resolved (fixed in 72.0.3626.81-1)
forky: resolved (fixed in 72.0.3626.81-1)
sid: resolved (fixed in 72.0.3626.81-1)
trixie:
debian
CVE-2019-5828 | HIGH | CVSS 8.8 | fixed in chromium 75.0.3770.80-1 (bookworm) | 2019
Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 75.0.3770.80-1)
bullseye: resolved (fixed in 75.0.3770.80-1)
forky: resolved (fixed in 75.0.3770.80-1)
sid: resolved (fixed in 75.0.3770.80-1)
tri
debian
CVE-2019-5774 | HIGH | CVSS 8.8 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google Chrome on Linux prior to 72.0.3626.81 allowed an attacker who convinced a user to download a .desktop file to execute arbitrary code via a downloaded .desktop file.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1)
bullseye: resolved (fixed in 72.0.3626.81-1)
forky: r
debian
CVE-2019-13706 | HIGH | CVSS 7.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Out of bounds memory access in PDFium in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1)
bullseye: resolved (fixed in 78.0.3904.87-1)
forky: resolved (fixed in 78.0.3904.87-1)
sid: resolved (fixed in 78.0.3904.87-1)
trixie: resolved
debian
CVE-2019-13666 | HIGH | CVSS 7.4 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Information leak in storage in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1)
bullseye: resolved (fixed in 78.0.3904.87-1)
forky: resolved (fixed in 78.0.3904.87-1)
sid: resolved (fixed in 78.0.3904.87-1)
trixie: resolved (fixed in 78.0.3904.8
debian
CVE-2019-5858 | HIGH | CVSS 8.8 | fixed in chromium 76.0.3809.87-1 (bookworm) | 2019
Incorrect security UI in MacOS services integration in Google Chrome on OS X prior to 76.0.3809.87 allowed a local attacker to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 76.0.3809.87-1)
bullseye: resolved (fixed in 76.0.3809.87-1)
forky: resolved (fixed in 76.0.3809.87-1)
sid: resolved (fixed in 76.0.3809.87-1)
trixie: r
debian
CVE-2019-5819 | HIGH | CVSS 7.8 | fixed in chromium 74.0.3729.108-1 (bookworm) | 2019
Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.
Scope: local
bookworm: resolved (fixed in 74.0.3729.108-1)
bullseye: resolved (fixed in 74.0.3729.108-1)
forky: resolved (fixed in 74.0.3729.108-1)
sid: resolved (fixed in 74.0.372
debian
CVE-2019-5764 | HIGH | CVSS 8.8 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
Incorrect pointer management in WebRTC in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1)
bullseye: resolved (fixed in 72.0.3626.81-1)
forky: resolved (fixed in 72.0.3626.81-1)
sid: resolved (fixed in 72.0.3626.81-1)
trixie: resolved
debian
CVE-2019-13698 | HIGH | CVSS 8.8 | fixed in chromium 74.0.3729.108-1 (bookworm) | 2019
Out of bounds memory access in JavaScript in Google Chrome prior to 73.0.3683.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 74.0.3729.108-1)
bullseye: resolved (fixed in 74.0.3729.108-1)
forky: resolved (fixed in 74.0.3729.108-1)
sid: resolved (fixed in 74.0.3729.108-1)
trixie
debian
CVE-2019-13721 | HIGH | CVSS 8.8 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1)
bullseye: resolved (fixed in 78.0.3904.87-1)
forky: resolved (fixed in 78.0.3904.87-1)
sid: resolved (fixed in 78.0.3904.87-1)
trixie: resolved (fixed in 7
debian
CVE-2019-5824 | HIGH | CVSS 8.8 | fixed in chromium 75.0.3770.80-1 (bookworm) | 2019
Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 75.0.3770.80-1)
bullseye: resolved (fixed in 75.0.3770.80-1)
forky: resolved (fixed in 75.0.3770.80-1)
sid: resolved (fixed in 75.0.3770.80-1)
trixie: resolved (fix
debian