Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 103 of 109
CVE-2019-5784 [MEDIUM] CVSS 6.5, fixed in chromium 72.0.3626.109-1 (bookworm), 2019
Incorrect handling of deferred code in V8 in Google Chrome prior to 72.0.3626.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 72.0.3626.109-1); bullseye: resolved (fixed in 72.0.3626.109-1); forky: resolved (fixed in 72.0.3626.109-1); sid: resolved (fixed in 72.0.3626.109-1); trixie:
debian
CVE-2019-13743 [MEDIUM] CVSS 6.5, fixed in chromium 79.0.3945.79-1 (bookworm), 2019
Incorrect security UI in external protocol handling in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof security UI via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 79.0.3945.79-1); bullseye: resolved (fixed in 79.0.3945.79-1); forky: resolved (fixed in 79.0.3945.79-1); sid: resolved (fixed in 79.0.3945.79-1); trixie: resolved
debian
CVE-2019-5867 [MEDIUM] CVSS 6.5, fixed in chromium 76.0.3809.100-1 (bookworm), 2019
Out of bounds read in JavaScript in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 76.0.3809.100-1); bullseye: resolved (fixed in 76.0.3809.100-1); forky: resolved (fixed in 76.0.3809.100-1); sid: resolved (fixed in 76.0.3809.100-1); trixie: resolve
debian
CVE-2019-5825 [MEDIUM] CVSS 6.5, KEV, PoC, fixed in chromium 75.0.3770.80-1 (bookworm), 2019
Out of bounds write in JavaScript in Google Chrome prior to 73.0.3683.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 75.0.3770.80-1); bullseye: resolved (fixed in 75.0.3770.80-1); forky: resolved (fixed in 75.0.3770.80-1); sid: resolved (fixed in 75.0.3770.80-1); trixie: resolved (f
debian
CVE-2019-5826 [MEDIUM] CVSS 6.5, fixed in chromium 75.0.3770.80-1 (bookworm), 2019
Use after free in IndexedDB in Google Chrome prior to 73.0.3683.86 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 75.0.3770.80-1); bullseye: resolved (fixed in 75.0.3770.80-1); forky: resolved (fixed in 75.0.3770.80-1); sid: resolved (fixed in
debian
CVE-2019-5793 [MEDIUM] CVSS 6.5, fixed in chromium 73.0.3683.75-1 (bookworm), 2019
Insufficient policy enforcement in extensions in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to initiate the extensions installation user interface via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 73.0.3683.75-1); bullseye: resolved (fixed in 73.0.3683.75-1); forky: resolved (fixed in 73.0.3683.75-1); sid: resolved (fixed in 73.0.36
debian
CVE-2019-13714 [MEDIUM] CVSS 6.1, fixed in chromium 78.0.3904.87-1 (bookworm), 2019
Insufficient validation of untrusted input in Color Enhancer extension in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to inject CSS into an HTML page via a crafted URL.
Scope: local. bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904
debian
CVE-2019-13761 [MEDIUM] CVSS 4.3, fixed in chromium 79.0.3945.79-1 (bookworm), 2019
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scope: local. bookworm: resolved (fixed in 79.0.3945.79-1); bullseye: resolved (fixed in 79.0.3945.79-1); forky: resolved (fixed in 79.0.3945.79-1); sid: resolved (fixed in 79.0.3945.79-1); trixie: r
debian
CVE-2019-13691 [MEDIUM] CVSS 4.3, fixed in chromium 78.0.3904.87-1 (bookworm), 2019
Insufficient validation of untrusted input in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78
debian
CVE-2019-5814 [MEDIUM] CVSS 6.5, fixed in chromium 74.0.3729.108-1 (bookworm), 2019
Insufficient policy enforcement in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 74.0.3729.108-1); bullseye: resolved (fixed in 74.0.3729.108-1); forky: resolved (fixed in 74.0.3729.108-1); sid: resolved (fixed in 74.0.3729.108-1); trixie: resolved (fi
debian
CVE-2019-13749 [MEDIUM] CVSS 6.5, fixed in chromium 79.0.3945.79-1 (bookworm), 2019
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 79.0.3945.79-1); bullseye: resolved (fixed in 79.0.3945.79-1); forky: resolved (fixed in 79.0.3945.79-1); sid: resolved (fixed in 79.0.3945.79-1); tri
debian
CVE-2019-13678 [MEDIUM] CVSS 6.5, fixed in chromium 78.0.3904.87-1 (bookworm), 2019
Incorrect data validation in downloads in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: resolved (fixed
debian
CVE-2019-13745 [MEDIUM] CVSS 6.5, fixed in chromium 79.0.3945.79-1 (bookworm), 2019
Insufficient policy enforcement in audio in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 79.0.3945.79-1); bullseye: resolved (fixed in 79.0.3945.79-1); forky: resolved (fixed in 79.0.3945.79-1); sid: resolved (fixed in 79.0.3945.79-1); trixie: resolved (fixed
debian
CVE-2019-5775 [MEDIUM] CVSS 6.5, fixed in chromium 72.0.3626.81-1 (bookworm), 2019
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scope: local. bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixed in 72.
debian
CVE-2019-5766 [MEDIUM] CVSS 6.5, fixed in chromium 72.0.3626.81-1 (bookworm), 2019
Incorrect handling of origin taint checking in Canvas in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixed in 72.0.3626.81-1); trixie: reso
debian
CVE-2019-5777 [MEDIUM] CVSS 6.5, fixed in chromium 72.0.3626.81-1 (bookworm), 2019
Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name.
Scope: local. bookworm: resolved (fixed in 72.0.3626.81-1); bullseye: resolved (fixed in 72.0.3626.81-1); forky: resolved (fixed in 72.0.3626.81-1); sid: resolved (fixed in 72.
debian
CVE-2019-13662 [MEDIUM] CVSS 6.5, fixed in chromium 78.0.3904.87-1 (bookworm), 2019
Insufficient policy enforcement in navigations in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 78.0.3904.87-1); trixie: r
debian
CVE-2019-13703 [MEDIUM] CVSS 4.3, fixed in chromium 78.0.3904.87-1 (bookworm), 2019
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 78.0.3904.87-1); bullseye: resolved (fixed in 78.0.3904.87-1); forky: resolved (fixed in 78.0.3904.87-1); sid: resolved (fixed in 7
debian
CVE-2019-13757 [MEDIUM] CVSS 4.3, fixed in chromium 79.0.3945.79-1 (bookworm), 2019
Incorrect security UI in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
Scope: local. bookworm: resolved (fixed in 79.0.3945.79-1); bullseye: resolved (fixed in 79.0.3945.79-1); forky: resolved (fixed in 79.0.3945.79-1); sid: resolved (fixed in 79.0.3945.79-1); trixie: r
debian
CVE-2019-5848 [MEDIUM] CVSS 6.5, fixed in chromium 76.0.3809.87-1 (bookworm), 2019
Incorrect font handling in autofill in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local. bookworm: resolved (fixed in 76.0.3809.87-1); bullseye: resolved (fixed in 76.0.3809.87-1); forky: resolved (fixed in 76.0.3809.87-1); sid: resolved (fixed in 76.0.38
debian