Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8
Vulnerabilities
CVE-2025-2137 | HIGH | CVSS 8.8 | fixed in chromium 134.0.6998.88-1~deb12u1 (bookworm) | 2025
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.88 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 134.0.6998.88-1~deb12u1)
bullseye: open
forky: resolved (fixed in 134.0.6998.88-1)
sid: resolved (fixed in 134.0.6998.88-1)
trixie: res
debian
CVE-2025-12428 | HIGH | CVSS 8.8 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1)
sid: resolved (fixed in 142.0.7444.59-1)
trixie: resolved (fixe
debian
CVE-2025-13639 | HIGH | CVSS 8.1 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in WebRTC in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1)
bullseye: open
forky: resolved (fixed in 143.0.7499.40-1)
sid: resolved (fixed in 143.0.7499.40-1)
trixi
debian
CVE-2025-11460 | HIGH | CVSS 8.8 | fixed in chromium 141.0.7390.65-1~deb12u1 (bookworm) | 2025
Use after free in Storage in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to execute arbitrary code via a crafted video file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 141.0.7390.65-1~deb12u1)
bullseye: open
forky: resolved (fixed in 141.0.7390.65-1)
sid: resolved (fixed in 141.0.7390.65-1)
trixie: resolved (fixe
debian
CVE-2025-9478 | HIGH | CVSS 8.8 | fixed in chromium 139.0.7258.154-1~deb12u1 (bookworm) | 2025
Use after free in ANGLE in Google Chrome prior to 139.0.7258.154 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 139.0.7258.154-1~deb12u1)
bullseye: open
forky: resolved (fixed in 139.0.7258.154-1)
sid: resolved (fixed in 139.0.7258.154-1)
trixie
debian
CVE-2025-0438 | HIGH | CVSS 8.8 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1)
bullseye: open
forky: resolved (fixed in 132.0.6834.83-1)
sid: resolved (fixed in 132.0.6834.83-1)
trix
debian
CVE-2025-8882 | HIGH | CVSS 8.8 | fixed in chromium 139.0.7258.127-1~deb12u1 (bookworm) | 2025
Use after free in Aura in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 139.0.7258.127-1~deb12u1)
bullseye: open
forky: resolved (fixed in 139.0.7258.127
debian
CVE-2025-10200 | HIGH | CVSS 8.8 | fixed in chromium 140.0.7339.127-1~deb12u1 (bookworm) | 2025
Use after free in Serviceworker in Google Chrome on Desktop prior to 140.0.7339.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 140.0.7339.127-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.127-1)
sid: resolved (fixed in 140
debian
CVE-2025-13229 | HIGH | CVSS 8.8 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1)
sid: resolved (fixed in 142.0.7444.59-1)
trixie: resolve
debian
CVE-2025-10500 | HIGH | CVSS 8.8 | fixed in chromium 140.0.7339.185-1~deb12u1 (bookworm) | 2025
Use after free in Dawn in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 140.0.7339.185-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.185-1)
sid: resolved (fixed in 140.0.7339.185-1)
trixie: r
debian
CVE-2025-3068 | HIGH | CVSS 8.8 | fixed in chromium 135.0.7049.52-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 135.0.7049.52-1~deb12u1)
bullseye: open
forky: resolved (fixed in 135.0.7049.52-1)
sid: resolved (fixed in 135.0.704
debian
CVE-2025-4050 | HIGH | CVSS 8.8 | fixed in chromium 136.0.7103.59-2~deb12u2 (bookworm) | 2025
Out of bounds memory access in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 136.0.7103.59-2~deb12u2)
bullseye: open
forky: resolved (fixed in
debian
CVE-2025-14765 | HIGH | CVSS 8.8 | fixed in chromium 143.0.7499.169-1~deb12u1 (bookworm) | 2025
Use after free in WebGPU in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 143.0.7499.169-1~deb12u1)
bullseye: open
forky: resolved (fixed in 143.0.7499.169-1)
sid: resolved (fixed in 143.0.7499.169-1)
trixie:
debian
CVE-2025-13633 | HIGH | CVSS 8.8 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Use after free in Digital Credentials in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1)
bullseye: open
forky: resolved (fixed in 143.0.7499.40-1
debian
CVE-2025-13227 | HIGH | CVSS 8.8 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1)
sid: resolved (fixed in 142.0.7444.59-1)
trixie: resolve
debian
CVE-2025-13721 | HIGH | CVSS 7.5 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Race in v8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1)
bullseye: open
forky: resolved (fixed in 143.0.7499.40-1)
sid: resolved (fixed in 143.0.7499.40-1)
trixie: resolved (fixed
debian
CVE-2025-7657 | HIGH | CVSS 8.8 | fixed in chromium 138.0.7204.157-1~deb12u1 (bookworm) | 2025
Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 138.0.7204.157-1~deb12u1)
bullseye: open
forky: resolved (fixed in 138.0.7204.157-1)
sid: resolved (fixed in 138.0.7204.157-1)
trixie: r
debian
CVE-2025-5068 | HIGH | CVSS 8.8 | fixed in chromium 137.0.7151.68-1~deb12u1 (bookworm) | 2025
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 137.0.7151.68-1~deb12u1)
bullseye: open
forky: resolved (fixed in 137.0.7151.68-1)
sid: resolved (fixed in 137.0.7151.68-1)
trixie: reso
debian
CVE-2025-5063 | HIGH | CVSS 8.8 | fixed in chromium 137.0.7151.55-3~deb12u1 (bookworm) | 2025
Use after free in Compositing in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 137.0.7151.55-3~deb12u1)
bullseye: open
forky: resolved (fixed in 137.0.7151.55-1)
sid: resolved (fixed in 137.0.7151.55-1)
trixie:
debian
CVE-2025-6554 | HIGH | CVSS 8.1 | KEV | fixed in chromium 138.0.7204.92-1~deb12u1 (bookworm) | 2025
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 138.0.7204.92-1~deb12u1)
bullseye: open
forky: resolved (fixed in 138.0.7204.92-1)
sid: resolved (fixed in 138.0.7204.92-1)
trixie: resolved (fixed
debian