Debian Chromium vulnerabilities

CVE-2019-13748 [MEDIUM] CVE-2019-13748: chromium - Insufficient policy enforcement in developer tools in Google Chrome prior to 79.... Insufficient policy enforcement in developer tools in Google Chrome prior to 79.0.3945.79 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (f

CVE-2019-13763 [MEDIUM] CVE-2019-13763: chromium - Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.... Insufficient policy enforcement in payments in Google Chrome prior to 79.0.3945.79 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixe

CVE-2019-13669 [MEDIUM] CVE-2019-13669: chromium - Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 a... Incorrect data validation in navigation in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) tri

CVE-2019-5810 [MEDIUM] CVE-2019-5810: chromium - Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a r... Information leak in autofill in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Scope: local bookworm: resolved (fixed in 74.0.3729.108-1) bullseye: resolved (fixed in 74.0.3729.108-1) forky: resolved (fixed in 74.0.3729.108-1) sid: resolved (fixed in 74.0.3729.1

CVE-2019-13766 [MEDIUM] CVE-2019-13766: chromium - Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a... Use-after-free in accessibility in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (f

CVE-2019-13710 [MEDIUM] CVE-2019-13710: chromium - Insufficient validation of untrusted input in downloads in Google Chrome prior t... Insufficient validation of untrusted input in downloads in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) tr

CVE-2019-5786 [MEDIUM] CVE-2019-5786: chromium - Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a... Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. Scope: local bookworm: resolved (fixed in 72.0.3626.121-1) bullseye: resolved (fixed in 72.0.3626.121-1) forky: resolved (fixed in 72.0.3626.121-1) sid: resolved (fixed in 72.0.3626.121-1) trixi

CVE-2019-5800 [MEDIUM] CVE-2019-5800: chromium - Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 ... Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed in 73.0.3683.75-1) trixie: resolved

CVE-2019-5860 [MEDIUM] CVE-2019-5860: chromium - Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote... Use after free in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: resolved (fixed in 76.0.3809.87-1) trixie: resolved (fixed in 76

CVE-2019-5773 [MEDIUM] CVE-2019-5773: chromium - Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.... Insufficient origin validation in IndexedDB in Google Chrome prior to 72.0.3626.81 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved (fixed in 72.0.3626.81-1) forky: resolved (fixed in 72.0.3626.81-1) sid: resolved (fix

CVE-2019-5778 [MEDIUM] CVE-2019-5778: chromium - A missing case for handling special schemes in permission request checks in Exte... A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved

CVE-2019-5847 [MEDIUM] CVE-2019-5847: chromium - Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.1... Inappropriate implementation in JavaScript in Google Chrome prior to 75.0.3770.142 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 76.0.3809.87-1) bullseye: resolved (fixed in 76.0.3809.87-1) forky: resolved (fixed in 76.0.3809.87-1) sid: resolved (fixed in 76.0.3809.87-1) trixie: r

CVE-2019-5776 [MEDIUM] CVE-2019-5776: chromium - Incorrect handling of a confusable character in Omnibox in Google Chrome prior t... Incorrect handling of a confusable character in Omnibox in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. Scope: local bookworm: resolved (fixed in 72.0.3626.81-1) bullseye: resolved (fixed in 72.0.3626.81-1) forky: resolved (fixed in 72.0.3626.81-1) sid: resolved (fixed in 72.

CVE-2019-13697 [MEDIUM] CVE-2019-13697: chromium - Insufficient policy enforcement in performance APIs in Google Chrome prior to 77... Insufficient policy enforcement in performance APIs in Google Chrome prior to 77.0.3865.120 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: res

CVE-2019-13755 [MEDIUM] CVE-2019-13755: chromium - Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.394... Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to disable extensions via a crafted HTML page. Scope: local bookworm: resolved (fixed in 79.0.3945.79-1) bullseye: resolved (fixed in 79.0.3945.79-1) forky: resolved (fixed in 79.0.3945.79-1) sid: resolved (fixed in 79.0.3945.79-1) trixie: resolved (fixe

CVE-2019-13701 [MEDIUM] CVE-2019-13701: chromium - Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 al... Incorrect implementation in navigation in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trix

CVE-2019-5833 [MEDIUM] CVE-2019-5833: chromium - Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.... Incorrect dialog box scoping in browser in Google Chrome on Android prior to 75.0.3770.80 allowed a remote attacker to display misleading security UI via a crafted HTML page. Scope: local bookworm: resolved (fixed in 75.0.3770.80-1) bullseye: resolved (fixed in 75.0.3770.80-1) forky: resolved (fixed in 75.0.3770.80-1) sid: resolved (fixed in 75.0.3770.80-1) trixie:

CVE-2019-13705 [MEDIUM] CVE-2019-13705: chromium - Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.390... Insufficient policy enforcement in extensions in Google Chrome prior to 78.0.3904.70 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid

CVE-2019-13671 [MEDIUM] CVE-2019-13671: chromium - UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote att... UI spoofing in Blink in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to spoof security UI via a crafted HTML page. Scope: local bookworm: resolved (fixed in 78.0.3904.87-1) bullseye: resolved (fixed in 78.0.3904.87-1) forky: resolved (fixed in 78.0.3904.87-1) sid: resolved (fixed in 78.0.3904.87-1) trixie: resolved (fixed in 78.0.3904.87-1)

CVE-2019-5845 [MEDIUM] CVE-2019-5845: chromium - Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allow... Out of bounds access in SwiftShader in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Scope: local bookworm: resolved (fixed in 73.0.3683.75-1) bullseye: resolved (fixed in 73.0.3683.75-1) forky: resolved (fixed in 73.0.3683.75-1) sid: resolved (fixed in 73.0.3683.75-1) trixie: resolved