Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 16 of 109
CVE-2025-11210 | MEDIUM | CVSS 5.4 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
Side-channel information leakage in Tab in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1); bullseye: open; forky: resolved (fixed in 141.0.7390.
debian
CVE-2025-9865 | MEDIUM | CVSS 5.4 | fixed in chromium 140.0.7339.80-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 140.0.7339.80-1~deb12u1); bullseye: open; forky: resolved (fixed i
debian
CVE-2025-12436 | MEDIUM | CVSS 5.9 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: open; forky: r
debian
CVE-2025-12728 | MEDIUM | CVSS 4.2 | fixed in chromium 142.0.7444.134-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 142.0.7444.137 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 142.0.7444.134-1~deb12u1); bullseye: open; forky: resolved (fixed i
debian
CVE-2025-3073 | MEDIUM | CVSS 5.4 | fixed in chromium 135.0.7049.52-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Autofill in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 135.0.7049.52-1~deb12u1); bullseye: open; forky: resolved (fixed in 135.0.7049.52-1
debian
CVE-2025-9479 | MEDIUM | CVSS 4.3 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Out of bounds read in V8 in Google Chrome prior to 133.0.6943.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1); bullseye: open; forky: resolved (fixed in 133.0.6943.141-1); sid: resolved (fixed in 133.0.6943.141-1); trixie
debian
CVE-2025-13632 | MEDIUM | CVSS 5.4 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1); bullseye: open; forky: resolved (fixe
debian
CVE-2025-6555 | MEDIUM | CVSS 5.4 | fixed in chromium 138.0.7204.49-1~deb12u1 (bookworm) | 2025
Use after free in Animation in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 138.0.7204.49-1~deb12u1); bullseye: open; forky: resolved (fixed in 138.0.7204.49-1); sid: resolved (fixed in 138.0.7204.49-1); trixie
debian
CVE-2025-0445 | MEDIUM | CVSS 5.4 | fixed in chromium 133.0.6943.53-1~deb12u1 (bookworm) | 2025
Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 133.0.6943.53-1~deb12u1); bullseye: open; forky: resolved (fixed in 133.0.6943.53-1); sid: resolved (fixed in 133.0.6943.53-1); trixie: resolve
debian
CVE-2025-8577 | MEDIUM | CVSS 4.3 | fixed in chromium 139.0.7258.66-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 139.0.7258.66-1~deb12u1); bullseye: open; forky: resolved (fixed in 13
debian
CVE-2025-0440 | MEDIUM | CVSS 6.5 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1); bullseye: open; forky: resolved (fixed in 132.0.6834.83-1); sid: resolved (fixed in 132.0.6834.83
debian
CVE-2025-3071 | MEDIUM | CVSS 5.4 | fixed in chromium 135.0.7049.52-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Navigations in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 135.0.7049.52-1~deb12u1); bullseye: open; forky: resolved (fixed in 135.0.
debian
CVE-2025-12445 | MEDIUM | CVSS 6.5 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 142.0.7444.59-1); sid: r
debian
CVE-2025-9867 | MEDIUM | CVSS 5.4 | fixed in chromium 140.0.7339.80-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 140.0.7339.80-1~deb12u1); bullseye: open; forky: resolved (fixed in 140.0.7339.80-1); sid: resolved (fixed in 140.0.7339.80-
debian
CVE-2025-13097 | MEDIUM | CVSS 5.4 | fixed in chromium 136.0.7103.59-2~deb12u2 (bookworm) | 2025
Inappropriate implementation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 136.0.7103.59-2~deb12u2); bullseye: open; forky: resolved (fixed in 136.0.7103.59-2); sid: resolved (fixed in 136.0.7
debian
CVE-2025-5064 | MEDIUM | CVSS 5.4 | fixed in chromium 137.0.7151.55-3~deb12u1 (bookworm) | 2025
Inappropriate implementation in Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 137.0.7151.55-3~deb12u1); bullseye: open; forky: resolved (fixed in 137.0.7151.55-1); sid: resolved (fixed in 137.0.7151.
debian
CVE-2025-13635 | MEDIUM | CVSS 4.4 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1); bullseye: open; forky: resolved (fixed in 143.0.7499.40-1); sid: resolved (fixed in 143.0.7499.40-1); trixie: re
debian
CVE-2025-13107 | MEDIUM | CVSS 4.3 | fixed in chromium 140.0.7339.80-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Compositing in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 140.0.7339.80-1~deb12u1); bullseye: open; forky: resolved (fixed in 140.0.7339.80-1); sid: resolved (fixed in 140.0.7339.80-1); trixie:
debian
CVE-2025-13636 | MEDIUM | CVSS 4.3 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Split View in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1); bullseye: open; forky: resolved (fixed in 143.0.749
debian
CVE-2025-11215 | MEDIUM | CVSS 4.3 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
Off by one error in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1); bullseye: open; forky: resolved (fixed in 141.0.7390.54-1); sid: resolved (fixed in 141.0.7390.54-1); trixie:
debian