Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8
Vulnerabilities
CVE-2025-12441 | MEDIUM | CVSS 4.3 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Out of bounds read in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1)
sid: resolved (fixed in 142.0.7444.59-1)
trixie
debian
CVE-2025-4051 | MEDIUM | CVSS 6.3 | fixed in chromium 136.0.7103.59-2~deb12u2 (bookworm) | 2025
Insufficient data validation in DevTools in Google Chrome prior to 136.0.7103.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 136.0.7103.59-2~deb12u2)
bullseye: open
forky: resolved (fixed
debian
CVE-2025-12906 | MEDIUM | CVSS 5.4 | fixed in chromium 140.0.7339.80-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 140.0.7339.80-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.80-1)
sid: resolved (fixed in 140.0.7339.80-1)
trixie:
debian
CVE-2025-8581 | MEDIUM | CVSS 4.3 | fixed in chromium 139.0.7258.66-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Extensions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 139.0.7258.66-1~deb12u1)
bullseye: open
forky: resolved (fixed in 139.0.7258
debian
CVE-2025-5067 | MEDIUM | CVSS 5.4 | fixed in chromium 137.0.7151.55-3~deb12u1 (bookworm) | 2025
Inappropriate implementation in Tab Strip in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 137.0.7151.55-3~deb12u1)
bullseye: open
forky: resolved (fixed in 137.0.7151.55-1)
sid: resolved (fixed in 137.0.7151.55-1)
trixie: res
debian
CVE-2025-12909 | MEDIUM | CVSS 5.3 | fixed in chromium 140.0.7339.80-1~deb12u1 (bookworm) | 2025
Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 140.0.7339.80-1~deb12u1)
bullseye: open
forky: resolved (fixed in 140.0.7339.80-1)
sid: resolved (fixed in 140.0.7339.80-1)
trixie: resolve
debian
CVE-2025-12446 | MEDIUM | CVSS 4.2 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Incorrect security UI in SplitView in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted domain name. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1)
debian
CVE-2025-1921 | MEDIUM | CVSS 6.5 | fixed in chromium 134.0.6998.35-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Media Stream in Google Chrome prior to 134.0.6998.35 allowed a remote attacker to obtain information about a peripheral via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 134.0.6998.35-1~deb12u1)
bullseye: open
forky: resolved (fixed in 134.0.6998.35-1)
sid: resolved (fixed in 134.
debian
CVE-2025-13637 | MEDIUM | CVSS 4.3 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass download protections via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1)
bullseye: open
forky: resolved (fixed in 143.
debian
CVE-2025-13634 | MEDIUM | CVSS 4.4 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 143.0.7499.41 allowed a local attacker to bypass mark of the web via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1)
bullseye: open
forky: resolved (fixed in 143.0.7499.40-1)
sid: resolved (fixed in 143.0.7499
debian
CVE-2025-0444 | MEDIUM | CVSS 6.3 | fixed in chromium 133.0.6943.53-1~deb12u1 (bookworm) | 2025
Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 133.0.6943.53-1~deb12u1)
bullseye: open
forky: resolved (fixed in 133.0.6943.53-1)
sid: resolved (fixed in 133.0.6943.53-1)
trixie: resol
debian
CVE-2025-12447 | MEDIUM | CVSS 4.2 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Incorrect security UI in Omnibox in Google Chrome on Android prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444
debian
CVE-2025-0446 | MEDIUM | CVSS 4.3 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1)
bullseye: open
forky: resolved (fixed in 132.0.
debian
CVE-2025-11213 | MEDIUM | CVSS 6.3 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Omnibox in Google Chrome on Android prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1)
bullseye: open
forky: resolved (fixed
debian
CVE-2025-0439 | MEDIUM | CVSS 6.5 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1)
bullseye: open
forky: resolved (fixed in 132.0.6834.83-1)
sid: resolved (fixed
debian
CVE-2025-12434 | MEDIUM | CVSS 4.2 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Race in Storage in Google Chrome on Windows prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1)
sid: re
debian
CVE-2025-5283 | MEDIUM | CVSS 5.4 | fixed in chromium 137.0.7151.55-3~deb12u1 (bookworm) | 2025
Use after free in libvpx in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 137.0.7151.55-3~deb12u1)
bullseye: open
forky: resolved (fixed in 137.0.7151.55-1)
sid: resolved (fixed in 137.0.7151.55-1)
trixie: r
debian
CVE-2025-5066 | MEDIUM | CVSS 6.5 | fixed in chromium 137.0.7151.55-3~deb12u1 (bookworm) | 2025
Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 137.0.7151.55-3~deb12u1)
bullseye: open
forky: resolved (fixed in 1
debian
CVE-2025-0441 | MEDIUM | CVSS 6.5 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1)
bullseye: open
forky: resolved (fixed in 132.0.6834.83-1)
sid: res
debian
CVE-2025-12444 | MEDIUM | CVSS 4.2 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
Incorrect security UI in Fullscreen UI in Google Chrome prior to 142.0.7444.59 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1)
bullseye: open
forky: resolved (fixed in 142.0.7444.59-1
debian