Debian Chromium vulnerabilities

CVE-2019-5879 [MEDIUM] CVE-2019-5879: chromium - Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.386... Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolv

CVE-2019-5802 [MEDIUM] CVE-2019-5802: chromium - Incorrect handling of download origins in Navigation in Google Chrome prior to 7... Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed in 73.0.3683.75-1) trixie: reso

CVE-2019-5864 [MEDIUM] CVE-2019-5864: chromium - Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allo... Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: r

CVE-2019-13680 [MEDIUM] CVE-2019-13680: chromium - Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allow... Inappropriate implementation in TLS in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof client IP address to websites via crafted TLS connections. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: res

CVE-2019-5781 [MEDIUM] CVE-2019-5781: chromium - Incorrect handling of a confusable character in Omnibox in Google Chrome prior t... Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved (fixed in 72.0.3626.81-1) forky: resolved (fixed in 72.0.3626.81-1) sid: resolved (fixed in 72.

CVE-2019-5842 [MEDIUM] CVE-2019-5842: chromium - Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote ... Use after free in Blink in Google Chrome prior to 75.0.3770.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 75.0.3770.90-1) bullseye: resolved (fixed in 75.0.3770.90-1) forky: resolved (fixed in 75.0.3770.90-1) sid: resolved (fixed in 75.0.3770.90-1) trixie: resolved (fixed in 75

CVE-2019-13681 [MEDIUM] CVE-2019-13681: chromium - Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75... Insufficient data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved

CVE-2019-13707 [MEDIUM] CVE-2019-13707: chromium - Insufficient validation of untrusted input in intents in Google Chrome on Androi... Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: re

CVE-2019-5768 [MEDIUM] CVE-2019-5768: chromium - DevTools API not correctly gating on extension capability in DevTools in Google ... DevTools API not correctly gating on extension capability in DevTools in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to read local files via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved (fixed in 72.0.3626.81-1) forky: resolved (fixed in 72.

CVE-2019-13713 [MEDIUM] CVE-2019-13713: chromium - Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.390... Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (

CVE-2019-5839 [MEDIUM] CVE-2019-5839: chromium - Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 a... Excessive data validation in URL parser in Google Chrome prior to 75.0.3770.80 allowed a remote attacker who convinced a user to input a URL to bypass website URL validation via a crafted URL. Scope: local bookworm: resolved (fixed in 75.0.3770.80-1) bullseye: resolved (fixed in 75.0.3770.80-1) forky: resolved (fixed in 75.0.3770.80-1) sid: resolved (fixed in 75.0.

CVE-2019-13675 [MEDIUM] CVE-2019-13675: chromium - Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.7... Insufficient data validation in extensions in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to disable extensions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (fixed i

CVE-2019-13740 [MEDIUM] CVE-2019-13740: chromium - Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed ... Incorrect security UI in sharing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie: resolved (fixed in 79.

CVE-2019-5765 [MEDIUM] CVE-2019-5765: chromium - An exposed debugging endpoint in the browser in Google Chrome on Android prior t... An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved (fixed in 72.0.3626.81-1) forky: resolved (fixed in 72.0.3626.81-1) sid: resolved (f

CVE-2019-13659 [MEDIUM] CVE-2019-13659: chromium - IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote ... IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (

CVE-2019-13759 [MEDIUM] CVE-2019-13759: chromium - Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 al... Incorrect security UI in interstitials in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie: resolved (fixed

CVE-2019-5799 [MEDIUM] CVE-2019-5799: chromium - Incorrect inheritance of a new document's policy in Content Security Policy in G... Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed i

CVE-2019-13667 [MEDIUM] CVE-2019-13667: chromium - Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.38... Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87

CVE-2019-5830 [MEDIUM] CVE-2019-5830: chromium - Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 a... Insufficient policy enforcement in CORS in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 75.0.3770.80-1) bullseye: resolved (fixed in 75.0.3770.80-1) forky: resolved (fixed in 75.0.3770.80-1) sid: resolved (fixed in 75.0.3770.80-1) trixie: resolved (fixed in

CVE-2019-13739 [MEDIUM] CVE-2019-13739: chromium - Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.7... Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1)