Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2025-8011 | HIGH | CVSS 8.8 | fixed in chromium 138.0.7204.168-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 138.0.7204.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 138.0.7204.168-1~deb12u1); bullseye: open; forky: resolved (fixed in 138.0.7204.168-1); sid: resolved (fixed in 138.0.7204.168-1); trixie: resol
debian
CVE-2025-3069 | HIGH | CVSS 8.8 | fixed in chromium 135.0.7049.52-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 135.0.7049.52-1~deb12u1); bullseye: open; forky: resolved (fixed in 135.0.7049.52-1); sid: resolved (fixed in 135.0.7049.52-1)
debian
CVE-2025-1914 | HIGH | CVSS 8.8 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Out of bounds read in V8 in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1); bullseye: open; forky: resolved (fixed in 134.0.6998.35-1); sid: resolved (fixed in 134.0.6998.35-1); trixie: resol
debian
CVE-2025-0436 | HIGH | CVSS 8.8 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1); bullseye: open; forky: resolved (fixed in 132.0.6834.83-1); sid: resolved (fixed in 132.0.6834.83-1); trixie: resol
debian
CVE-2025-0612 | HIGH | CVSS 7.5 | fixed in chromium 132.0.6834.110-1~deb12u1 (bookworm) | 2025
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 132.0.6834.110-1~deb12u1); bullseye: open; forky: resolved (fixed in 132.0.6834.110-1); sid: resolved (fixed in 132.0.6834.110-1)
debian
CVE-2025-11205 | HIGH | CVSS 8.8 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1); bullseye: open; forky: resolved (fixed in 141.0.7390.54-1); sid:
debian
CVE-2025-0437 | HIGH | CVSS 8.8 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1); bullseye: open; forky: resolved (fixed in 132.0.6834.83-1); sid: resolved (fixed in 132.0.6834.83-1); trixie:
debian
CVE-2025-13223 | HIGH | CVSS 8.8 | KEV | fixed in chromium 142.0.7444.175-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 142.0.7444.175-1~deb12u1); bullseye: open; forky: resolved (fixed in 142.0.7444.175-1); sid: resolved (fixed in 142.0.7444.175-1); trixie: res
debian
CVE-2025-1918 | HIGH | CVSS 8.8 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Out of bounds read in PDFium in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to potentially perform out of bounds memory access via a crafted PDF file. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1); bullseye: open; forky: resolved (fixed in 134.0.6998.35-1); sid: resolved (fixed in 134.0.6998.35
debian
CVE-2025-5959 | HIGH | CVSS 8.8 | fixed in chromium 137.0.7151.103-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 137.0.7151.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 137.0.7151.103-1~deb12u1); bullseye: open; forky: resolved (fixed in 137.0.7151.103-1); sid: resolved (fixed in 137.0.7151.103-1); trixie: r
debian
CVE-2025-10201 | HIGH | CVSS 8.8 | fixed in chromium 140.0.7339.127-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 140.0.7339.127-1~deb12u1); bullseye: open; forky: resolved (fixed in 140.0.7339.127-1); sid: resolved (fixed in
debian
CVE-2025-6191 | HIGH | CVSS 8.8 | fixed in chromium 137.0.7151.119-1~deb12u1 (bookworm) | 2025
Integer overflow in V8 in Google Chrome prior to 137.0.7151.119 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 137.0.7151.119-1~deb12u1); bullseye: open; forky: resolved (fixed in 137.0.7151.119-1); sid: resolved (fixed in 137.0.7151.119-1)
debian
CVE-2025-0434 | HIGH | CVSS 8.8 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1); bullseye: open; forky: resolved (fixed in 132.0.6834.83-1); sid: resolved (fixed in 132.0.6834.83-1); trix
debian
CVE-2025-13228 | HIGH | CVSS 8.8 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 142.0.7444.59-1); sid: resolved (fixed in 142.0.7444.59-1); trixie: resolve
debian
CVE-2025-13042 | HIGH | CVSS 8.8 | fixed in chromium 142.0.7444.162-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 142.0.7444.162-1~deb12u1); bullseye: open; forky: resolved (fixed in 142.0.7444.162-1); sid: resolved (fixed in 142.0.7444.162-
debian
CVE-2025-3066 | HIGH | CVSS 8.8 | fixed in chromium 135.0.7049.84-1~deb12u1 (bookworm) | 2025
Use after free in Site Isolation in Google Chrome prior to 135.0.7049.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 135.0.7049.84-1~deb12u1); bullseye: open; forky: resolved (fixed in 135.0.7049.84-1); sid: resolved (fixed in 135.0.7049.84-1); trixi
debian
CVE-2025-14766 | HIGH | CVSS 8.8 | fixed in chromium 143.0.7499.169-1~deb12u1 (bookworm) | 2025
Out of bounds read and write in V8 in Google Chrome prior to 143.0.7499.147 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 143.0.7499.169-1~deb12u1); bullseye: open; forky: resolved (fixed in 143.0.7499.169-1); sid: resolved (fixed in 143.0.7499.169-
debian
CVE-2025-13630 | HIGH | CVSS 8.8 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 143.0.7499.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1); bullseye: open; forky: resolved (fixed in 143.0.7499.40-1); sid: resolved (fixed in 143.0.7499.40-1); trixie: resolve
debian
CVE-2025-1915 | HIGH | CVSS 8.1 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Improper Limitation of a Pathname to a Restricted Directory in DevTools in Google Chrome on Windows prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1); b
debian
CVE-2025-13230 | HIGH | CVSS 8.8 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 142.0.7444.59-1); sid: resolved (fixed in 142.0.7444.59-1); trixie: resolve
debian