Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
Page 12 of 109

CVE-2025-9132 [HIGH] CVSS 8.8, fixed in chromium 139.0.7258.138-1~deb12u1 (bookworm), 2025
Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 139.0.7258.138-1~deb12u1)
bullseye: open
forky: resolved (fixed in 139.0.7258.138-1)
sid: resolved (fixed in 139.0.7258.138-1)
trixie:

CVE-2025-1426 [HIGH] CVSS 8.8, fixed in chromium 133.0.6943.126-1~deb12u1 (bookworm), 2025
Heap buffer overflow in GPU in Google Chrome on Android prior to 133.0.6943.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 133.0.6943.126-1~deb12u1)
bullseye: open
forky: resolved (fixed in 133.0.6943.126-1)
sid: resolved (fixed in 133.0.6943.12

CVE-2025-12036 [HIGH] CVSS 8.8, fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm), 2025
Out of bounds memory access in V8 in Google Chrome prior to 141.0.7390.122 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1)
sid: resolved (fixed in 142.0.7444.59-1)
t

CVE-2025-3620 [HIGH] CVSS 8.8, fixed in chromium 135.0.7049.95-1~deb12u1 (bookworm), 2025
Use after free in USB in Google Chrome prior to 135.0.7049.95 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 135.0.7049.95-1~deb12u1)
bullseye: open
forky: resolved (fixed in 135.0.7049.95-1)
sid: resolved (fixed in 135.0.7049.95-1)
trixie: resolved

CVE-2025-10501 [HIGH] CVSS 8.8, fixed in chromium 140.0.7339.185-1~deb12u1 (bookworm), 2025
Use after free in WebRTC in Google Chrome prior to 140.0.7339.185 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 140.0.7339.185-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.185-1)
sid: resolved (fixed in 140.0.7339.185-1)
trixie:

CVE-2025-12430 [HIGH] CVSS 7.5, fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm), 2025
Object lifecycle issue in Media in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1)
sid: resolved (fixed in 142.0.7444.59-1)
trixie: resolved (fi

CVE-2025-13720 [HIGH] CVSS 8.8, fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm), 2025
Bad cast in Loader in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1)
bullseye: open
forky: resolved (fixed in 143.0.7499.40-1)
sid: resolved (

CVE-2025-8010 [HIGH] CVSS 8.8, fixed in chromium 138.0.7204.168-1~deb12u1 (bookworm), 2025
Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 138.0.7204.168-1~deb12u1)
bullseye: open
forky: resolved (fixed in 138.0.7204.168-1)
sid: resolved (fixed in 138.0.7204.168-1)
trixie: resol

CVE-2025-12727 [HIGH] CVSS 8.8, fixed in chromium 142.0.7444.134-1~deb12u1 (bookworm), 2025
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 142.0.7444.134-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.134-1)
sid: resolved (fixed in 142.0.7444.134-

CVE-2025-11458 [HIGH] CVSS 8.1, fixed in chromium 141.0.7390.65-1~deb12u1 (bookworm), 2025
Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 141.0.7390.65-1~deb12u1)
bullseye: open
forky: resolved (fixed in 141.0.7390.65-1)
sid: resolved (fixed in 141.0.7390.65-1)
trixie

CVE-2025-8292 [HIGH] CVSS 8.8, fixed in chromium 138.0.7204.183-1~deb12u1 (bookworm), 2025
Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 138.0.7204.183-1~deb12u1)
bullseye: open
forky: resolved (fixed in 138.0.7204.183-1)
sid: resolved (fixed in 138.0.7204.183-1)
tri

CVE-2025-6192 [HIGH] CVSS 8.8, fixed in chromium 137.0.7151.119-1~deb12u1 (bookworm), 2025
Use after free in Metrics in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 137.0.7151.119-1~deb12u1)
bullseye: open
forky: resolved (fixed in 137.0.7151.119-1)
sid: resolved (fixed in 137.0.7151.119-1)
trixie:

CVE-2025-9866 [HIGH] CVSS 8.8, fixed in chromium 140.0.7339.80-1~deb12u1 (bookworm), 2025
Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 140.0.7339.80-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.80-1)
sid: resolved (fixed in 140.0.7339.80-1

CVE-2025-3067 [HIGH] CVSS 8.6, fixed in chromium 135.0.7049.52-1~deb12u1 (bookworm), 2025
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted app. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 135.0.7049.52-1~deb12u1)
bullseye: open
forky: resolved (fixed

CVE-2025-13631 [HIGH] CVSS 8.8, fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm), 2025
Inappropriate implementation in Google Updater in Google Chrome on Mac prior to 143.0.7499.41 allowed a remote attacker to perform privilege escalation via a crafted file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1)
bullseye: open
forky: resolved (fixed in 143.0.7499.40-1)
sid: resolved (fixed in 143.0.7499.

CVE-2025-2476 [HIGH] CVSS 8.8, fixed in chromium 134.0.6998.117-1~deb12u1 (bookworm), 2025
Use after free in Lens in Google Chrome prior to 134.0.6998.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 134.0.6998.117-1~deb12u1)
bullseye: open
forky: resolved (fixed in 134.0.6998.117-1)
sid: resolved (fixed in 134.0.6998.117-1)
trixie:

CVE-2025-11211 [HIGH] CVSS 7.5, fixed in chromium 141.0.7390.65-1~deb12u1 (bookworm), 2025
Out of bounds read in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 141.0.7390.65-1~deb12u1)
bullseye: open
forky: resolved (fixed in 141.0.7390.65-1)
sid: resolved (fixed in 141.0.7390.

CVE-2025-0447 [HIGH] CVSS 8.8, fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm), 2025
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1)
bullseye: open
forky: resolved (fixed in 132.0.6834.83-1)
sid: resolved (fixed in 132.0.6834.83-1)
tri

CVE-2025-13224 [HIGH] CVSS 8.8, fixed in chromium 142.0.7444.175-1~deb12u1 (bookworm), 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 142.0.7444.175-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.175-1)
sid: resolved (fixed in 142.0.7444.175-1)
trixie: res

CVE-2025-8880 [HIGH] CVSS 8.8, fixed in chromium 139.0.7258.127-1~deb12u1 (bookworm), 2025
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 139.0.7258.127-1~deb12u1)
bullseye: open
forky: resolved (fixed in 139.0.7258.127-1)
sid: resolved (fixed in 139.0.7258.127-1)
trixie: resolved (f