Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102 | HIGH: 1256 | MEDIUM: 754 | LOW: 56 | UNKNOWN: 8
Vulnerabilities
CVE-2019-5852 | MEDIUM | CVSS 6.5 | fixed in chromium 76.0.3809.87-1 (bookworm) | 2019
CVE-2019-5852 [MEDIUM]: chromium
Inappropriate implementation in JavaScript in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 76.0.3809.87-1)
bullseye: resolved (fixed in 76.0.3809.87-1)
forky: resolved (fixed in 76.0.3809.87-1)
sid: resolved (fixed in 7
debian
CVE-2019-5837 | MEDIUM | CVSS 6.5 | fixed in chromium 75.0.3770.80-1 (bookworm) | 2019
CVE-2019-5837 [MEDIUM]: chromium
Resource size information leakage in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 75.0.3770.80-1)
bullseye: resolved (fixed in 75.0.3770.80-1)
forky: resolved (fixed in 75.0.3770.80-1)
sid: resolved (fixed in 75.0.3770.80-1)
trixie: resolved (fixed
debian
CVE-2019-5869 | MEDIUM | CVSS 6.5 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
CVE-2019-5869 [MEDIUM]: chromium
Use after free in Blink in Google Chrome prior to 76.0.3809.132 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1)
bullseye: resolved (fixed in 78.0.3904.87-1)
forky: resolved (fixed in 78.0.3904.87-1)
sid: resolved (fixed in 78.0.3904.87-1)
trixie: resolved (fixed in 7
debian
CVE-2019-5767 | MEDIUM | CVSS 6.5 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
CVE-2019-5767 [MEDIUM]: chromium
Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1)
bullseye: resolved (fixed in 72.0.3626.81-1)
forky: resolved (fi
debian
CVE-2019-13684 | MEDIUM | CVSS 5.3 | fixed in chromium 72.0.3626.81-1 (bookworm) | 2019
CVE-2019-13684 [MEDIUM]: chromium
Inappropriate implementation in JavaScript in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 72.0.3626.81-1)
bullseye: resolved (fixed in 72.0.3626.81-1)
forky: resolved (fixed in 72.0.3626.81-1)
sid: resolved (fixed in 72.0.3626.81-1)
trixie: resolved (fix
debian
CVE-2019-20503 | MEDIUM | CVSS 6.5 | fixed in chromium 80.0.3987.149-1 (bookworm) | 2019
CVE-2019-20503 [MEDIUM]: chromium
usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_addresses_from_init.
Scope: local
bookworm: resolved (fixed in 80.0.3987.149-1)
bullseye: resolved (fixed in 80.0.3987.149-1)
forky: resolved (fixed in 80.0.3987.149-1)
sid: resolved (fixed in 80.0.3987.149-1)
trixie: resolved (fixed in 80.0.3987.149-1)
debian
CVE-2019-5798 | MEDIUM | CVSS 6.5 | fixed in chromium 73.0.3683.75-1 (bookworm) | 2019
CVE-2019-5798 [MEDIUM]: chromium
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Scope: local
bookworm: resolved (fixed in 73.0.3683.75-1)
bullseye: resolved (fixed in 73.0.3683.75-1)
forky: resolved (fixed in 73.0.3683.75-1)
sid: resolved (fixed in 73.0.3683.75-1)
trixie: reso
debian
CVE-2019-13702 | LOW | CVSS 7.8 | 2019
CVE-2019-13702 [HIGH]: chromium
Inappropriate implementation in installer in Google Chrome on Windows prior to 78.0.3904.70 allowed a local attacker to perform privilege escalation via a crafted executable.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-5812 | LOW | CVSS 6.5 | 2019
CVE-2019-5812 [MEDIUM]: chromium
Inadequate security UI in iOS UI in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-5761 | LOW | CVSS 8.8 | 2019
CVE-2019-5761 [HIGH]: chromium
Incorrect object lifecycle management in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-5873 | LOW | CVSS 4.3 | 2019
CVE-2019-5873 [MEDIUM]: chromium
Insufficient policy validation in navigation in Google Chrome on iOS prior to 77.0.3865.75 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-5816 | LOW | CVSS 8.8 | 2019
CVE-2019-5816 [HIGH]: chromium
Process lifetime issue in Chrome in Google Chrome on Android prior to 74.0.3729.108 allowed a remote attacker to potentially persist an exploited process via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-5817 | LOW | CVSS 8.8 | 2019
CVE-2019-5817 [HIGH]: chromium
Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-13679 | LOW | CVSS 3.3 | fixed in chromium 78.0.3904.87-1 (bookworm) | 2019
CVE-2019-13679 [LOW]: chromium
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
Scope: local
bookworm: resolved (fixed in 78.0.3904.87-1)
bullseye: resolved (fixed in 78.0.3904.87-1)
forky: resolved (fixed in 78.0.3904.87-1)
sid: resolved (fixed in 78.0.3904.87-1)
trixie: resolved (fixed in 78.
debian
CVE-2019-5801 | LOW | CVSS 6.5 | 2019
CVE-2019-5801 [MEDIUM]: chromium
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-5834 | LOW | CVSS 6.5 | 2019
CVE-2019-5834 [MEDIUM]: chromium
Insufficient data validation in Blink in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-5771 | LOW | CVSS 8.8 | 2019
CVE-2019-5771 [HIGH]: chromium
An incorrect JIT of GLSL shaders in SwiftShader in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-5804 | LOW | CVSS 5.5 | 2019
CVE-2019-5804 [MEDIUM]: chromium
Incorrect command line processing in Chrome in Google Chrome prior to 73.0.3683.75 allowed a local attacker to perform domain spoofing via a crafted domain name.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2019-13762 | LOW | CVSS 3.3 | fixed in chromium 79.0.3945.79-1 (bookworm) | 2019
CVE-2019-13762 [LOW]: chromium
Insufficient policy enforcement in downloads in Google Chrome on Windows prior to 79.0.3945.79 allowed a local attacker to spoof downloaded files via local code.
Scope: local
bookworm: resolved (fixed in 79.0.3945.79-1)
bullseye: resolved (fixed in 79.0.3945.79-1)
forky: resolved (fixed in 79.0.3945.79-1)
sid: resolved (fixed in 79.0.3945.79-1)
trixie: resolved (fix
debian
CVE-2019-15903 | LOW | CVSS 7.5 | fixed in expat 2.2.7-2 (bookworm) | 2019
CVE-2019-15903 [HIGH]: chromium
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian