Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 17 of 109
CVE-2025-14373 | MEDIUM | CVSS 4.3 | fixed in chromium 143.0.7499.109-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 143.0.7499.109-1~deb12u1); bullseye: open; forky: resolved (fixed in 143.0.7499.109-1); sid: resolved (fixed in 143.0.7
debian
CVE-2025-12440 | MEDIUM | CVSS 5.3 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Autofill in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: ope
debian
CVE-2025-1923 | MEDIUM | CVSS 4.3 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Permission Prompts in Google Chrome prior to 134.0.6998.35 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1); bullseye: open; forky: resolved (fixed in 134.0
debian
CVE-2025-11216 | MEDIUM | CVSS 6.3 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Storage in Google Chrome on Mac prior to 141.0.7390.54 allowed a remote attacker to perform domain spoofing via a crafted video file. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1); bullseye: open; forky: resolved (fixed in 141.0.7390.54-1); sid: resolved (fixed in 141.0.7390.54-1)
debian
CVE-2025-1917 | MEDIUM | CVSS 4.3 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Browser UI in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1); bullseye: open; forky: resolved (fixed in 134.0.6998.35-1); sid: resolved (fixed in 134.0.6998.35
debian
CVE-2025-13992 | MEDIUM | CVSS 4.7 | fixed in chromium 139.0.7258.66-1~deb12u1 (bookworm) | 2025
Side-channel information leakage in Navigation and Loading in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 139.0.7258.66-1~deb12u1); bullseye: open; forky: resolved (fixed in 139.0.7258.66-1); sid: resolved (fixed in 139.
debian
CVE-2025-0442 | MEDIUM | CVSS 6.5 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1); bullseye: open; forky: resolved (fixed in 132.0.6834.8
debian
CVE-2025-12911 | MEDIUM | CVSS 4.3 | fixed in chromium 140.0.7339.80-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 140.0.7339.80-1~deb12u1); bullseye: open; forky: resolved (fixed in 140.0.7339.80-1); sid: resolved (fixed in 140.0.7339.80-1); trixie:
debian
CVE-2025-12435 | MEDIUM | CVSS 5.4 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 142.0.7444.59-1); sid: resolved (fixed in 142.0.7444.59-1); trix
debian
CVE-2025-12431 | MEDIUM | CVSS 6.5 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: open; forky: resolved (fixed in
debian
CVE-2025-3070 | MEDIUM | CVSS 6.5 | fixed in chromium 135.0.7049.52-1~deb12u1 (bookworm) | 2025
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 135.0.7049.52-1~deb12u1); bullseye: open; forky: resolved (fixed in 135.0.7049.52-1); sid: resolved (fixed in 1
debian
CVE-2025-8579 | MEDIUM | CVSS 4.3 | fixed in chromium 139.0.7258.66-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Picture In Picture in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 139.0.7258.66-1~deb12u1); bullseye: open; forky: resolved (fixed in 139.0
debian
CVE-2025-1922 | MEDIUM | CVSS 4.3 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Selection in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1); bullseye: open; forky: resolved (fixed in 134
debian
CVE-2025-4664 | MEDIUM | CVSS 4.3 | fixed in chromium 136.0.7103.113-1~deb12u1 (bookworm) | 2025
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 136.0.7103.113-1~deb12u1); bullseye: open; forky: resolved (fixed in 136.0.7103.113-1); sid: resolved (fixed in 136.0.7103.113-1); tri
debian
CVE-2025-5065 | MEDIUM | CVSS 6.5 | fixed in chromium 137.0.7151.55-3~deb12u1 (bookworm) | 2025
Inappropriate implementation in FileSystemAccess API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 137.0.7151.55-3~deb12u1); bullseye: open; forky: resolved (fixed in 137.0.7151.55-1); sid: resolved (fixed in 137.0.7151.55-
debian
CVE-2025-6557 | MEDIUM | CVSS 5.4 | fixed in chromium 138.0.7204.49-1~deb12u1 (bookworm) | 2025
Insufficient data validation in DevTools in Google Chrome on Windows prior to 138.0.7204.49 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 138.0.7204.49-1~deb12u1); bullseye: open; forky: resolved (fixed in 1
debian
CVE-2025-11212 | MEDIUM | CVSS 6.3 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Media in Google Chrome on Windows prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1); bullseye: open; forky: resolved (fixed i
debian
CVE-2025-6556 | MEDIUM | CVSS 5.4 | fixed in chromium 138.0.7204.49-1~deb12u1 (bookworm) | 2025
Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 138.0.7204.49-1~deb12u1); bullseye: open; forky: resolved (fixed in 138.0.7204.49-1); sid: resolved (fixed in 138.0.7204.49-1)
debian
CVE-2025-5281 | MEDIUM | CVSS 5.4 | fixed in chromium 137.0.7151.55-3~deb12u1 (bookworm) | 2025
Inappropriate implementation in BFCache in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially obtain user information via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 137.0.7151.55-3~deb12u1); bullseye: open; forky: resolved (fixed in 137.0.7151.55-1); sid: resolved (fixed in 137.0.7151.
debian
CVE-2025-11207 | MEDIUM | CVSS 6.5 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1); bullseye: open; forky: resolved (fixed in 141.0.7390.54-1); sid: resolved (fixed in 141.0.7390.5
debian