Debian Chromium vulnerabilities

CVE-2019-13661 [MEDIUM] CVE-2019-13661: chromium - UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote ... UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (fixed in 78.0.3904.87-1)

CVE-2019-5844 [MEDIUM] CVE-2019-5844: chromium - Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allow... Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed in 73.0.3683.75-1) trixie: resolved

CVE-2019-5861 [MEDIUM] CVE-2019-5861: chromium - Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 all... Insufficient data validation in Blink in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to bypass anti-clickjacking policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: resolved (fixed in 76.0.3809.87-1) trixie: resolved (f

CVE-2019-5840 [MEDIUM] CVE-2019-5840: chromium - Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.377... Incorrect security UI in popup blocker in Google Chrome on iOS prior to 75.0.3770.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 75.0.3770.80-1) bullseye: resolved (fixed in 75.0.3770.80-1) forky: resolved (fixed in 75.0.3770.80-1) sid: resolved (fixed in 75.0.3770.80-1) trixie: reso

CVE-2019-13704 [MEDIUM] CVE-2019-13704: chromium - Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.390... Insufficient policy enforcement in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: re

CVE-2019-13742 [MEDIUM] CVE-2019-13742: chromium - Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 a... Incorrect security UI in Omnibox in Google Chrome on iOS prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) t

CVE-2019-13756 [MEDIUM] CVE-2019-13756: chromium - Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed... Incorrect security UI in printing in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie: resolved (fixed in 79

CVE-2019-5805 [MEDIUM] CVE-2019-5805: chromium - Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remot... Use-after-free in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 74.0.3729.108-1) bullseye: resolved (fixed in 74.0.3729.108-1) forky: resolved (fixed in 74.0.3729.108-1) sid: resolved (fixed in 74.0.3729.108-1) trixie: resolved (fixed

CVE-2019-13683 [MEDIUM] CVE-2019-13683: chromium - Insufficient policy enforcement in developer tools in Google Chrome prior to 77.... Insufficient policy enforcement in developer tools in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resol

CVE-2019-13663 [MEDIUM] CVE-2019-13663: chromium - IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote ... IDN spoofing in Omnibox in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (

CVE-2019-13744 [MEDIUM] CVE-2019-13744: chromium - Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.7... Insufficient policy enforcement in cookies in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie: resolved (fix

CVE-2019-13711 [MEDIUM] CVE-2019-13711: chromium - Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.390... Insufficient policy enforcement in JavaScript in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (

CVE-2019-13718 [MEDIUM] CVE-2019-13718: chromium - Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 a... Insufficient data validation in Omnibox in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) tr

CVE-2019-5868 [MEDIUM] CVE-2019-5868: chromium - Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remot... Use after free in PDFium in Google Chrome prior to 76.0.3809.100 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 76.0.3809.100-1) bullseye: resolved (fixed in 76.0.3809.100-1) forky: resolved (fixed in 76.0.3809.100-1) sid: resolved (fixed in 76.0.3809.100-1) trixie: resolved (fixed

CVE-2019-13754 [MEDIUM] CVE-2019-13754: chromium - Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.394... Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie: re

CVE-2019-13737 [MEDIUM] CVE-2019-13737: chromium - Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3... Insufficient policy enforcement in autocomplete in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fix

CVE-2019-5857 [MEDIUM] CVE-2019-5857: chromium - Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.8... Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: resolved (fixed in 76.0.3809.87-1) trixie:

CVE-2019-13660 [MEDIUM] CVE-2019-13660: chromium - UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote ... UI spoofing in Chromium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof notifications via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (fixed in 78.0.3904.87-1)

CVE-2019-5846 [MEDIUM] CVE-2019-5846: chromium - Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allow... Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed in 73.0.3683.75-1) trixie: resolved

CVE-2019-5803 [MEDIUM] CVE-2019-5803: chromium - Insufficient policy enforcement in Content Security Policy in Google Chrome prio... Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed in 73.0.3683.75-1)