Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 19 of 109
CVE-2025-8582 | MEDIUM | CVSS 4.3 | fixed in chromium 139.0.7258.66-1~deb12u1 (bookworm) | 2025
CVE-2025-8582 [MEDIUM] chromium - Insufficient validation of untrusted input in Core in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 139.0.7258.66-1~deb12u1); bullseye: open; forky: resolved (fixed in 139.0.7258.66-1); sid: resolved (fixe
debian
CVE-2025-0435 | MEDIUM | CVSS 6.5 | fixed in chromium 132.0.6834.83-1~deb12u1 (bookworm) | 2025
CVE-2025-0435 [MEDIUM] chromium - Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 132.0.6834.83-1~deb12u1); bullseye: open; forky: resolved (fixed in 132.0.6834.83-1); sid: resolved (fixed in 132.0.6834.83-1
debian
CVE-2025-12439 | MEDIUM | CVSS 5.5 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
CVE-2025-12439 [MEDIUM] chromium - Inappropriate implementation in App-Bound Encryption in Google Chrome on Windows prior to 142.0.7444.59 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 142.0
debian
CVE-2025-11208 | MEDIUM | CVSS 6.3 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
CVE-2025-11208 [MEDIUM] chromium - Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1); bullseye: open; forky: resolved (fixed in 141.0.7390.54
debian
CVE-2025-8881 | MEDIUM | CVSS 6.5 | fixed in chromium 139.0.7258.127-1~deb12u1 (bookworm) | 2025
CVE-2025-8881 [MEDIUM] chromium - Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 139.0.7258.127-1~deb12u1); bullseye: open; forky: resolved (fixed in 139.
debian
CVE-2025-12443 | MEDIUM | CVSS 4.3 | fixed in chromium 142.0.7444.59-1~deb12u1 (bookworm) | 2025
CVE-2025-12443 [MEDIUM] chromium - Out of bounds read in WebXR in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 142.0.7444.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 142.0.7444.59-1); sid: resolved (fixed in 142.0.7444.59-1); tri
debian
CVE-2025-0451 | MEDIUM | CVSS 6.3 | fixed in chromium 133.0.6943.53-1~deb12u1 (bookworm) | 2025
CVE-2025-0451 [MEDIUM] chromium - Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 133.0.6943.53-1~deb12u1); bullseye: open; forky: resolved (fixed in
debian
CVE-2025-3072 | MEDIUM | CVSS 5.4 | fixed in chromium 135.0.7049.52-1~deb12u1 (bookworm) | 2025
CVE-2025-3072 [MEDIUM] chromium - Inappropriate implementation in Custom Tabs in Google Chrome prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 135.0.7049.52-1~deb12u1); bullseye: open; forky: resolved (fixed in 135.0.7049.5
debian
CVE-2025-14372 | MEDIUM | CVSS 6.1 | fixed in chromium 143.0.7499.109-1~deb12u1 (bookworm) | 2025
CVE-2025-14372 [MEDIUM] chromium - Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
Scope: local; bookworm: resolved (fixed in 143.0.7499.109-1~deb12u1); bullseye: open; forky: resolved (fixed in 143.0.7499.109-1); sid: resolved (fixed in 143.0.7499
debian
CVE-2025-8583 | MEDIUM | CVSS 4.3 | fixed in chromium 139.0.7258.66-1~deb12u1 (bookworm) | 2025
CVE-2025-8583 [MEDIUM] chromium - Inappropriate implementation in Permissions in Google Chrome prior to 139.0.7258.66 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 139.0.7258.66-1~deb12u1); bullseye: open; forky: resolved (fixed in 139.0.7258.66-1); sid: resolved (fixed in 139.0.7258.66-1); trixie: r
debian
CVE-2025-12910 | MEDIUM | CVSS 6.2 | fixed in chromium 140.0.7339.80-1~deb12u1 (bookworm) | 2025
CVE-2025-12910 [MEDIUM] chromium - Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local attacker to obtain potentially sensitive information via debug logs. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 140.0.7339.80-1~deb12u1); bullseye: open; forky: resolved (fixed in 140.0.7339.80-1); sid: resolved (fixed in 140.0.7339.80-1)
debian
CVE-2025-14174 | LOW | CVSS 8.8 | KEV | fixed in webkit2gtk 2.50.4-1~deb12u1 (bookworm) | 2025
CVE-2025-14174 [HIGH] chromium - Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2025-12908 | LOW | CVSS 5.4 | 2025
CVE-2025-12908 [MEDIUM] chromium - Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7339.80 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2025-13102 | LOW | CVSS 4.3 | 2025
CVE-2025-13102 [MEDIUM] chromium - Inappropriate implementation in WebApp Installs in Google Chrome on Android prior to 134.0.6998.35 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2025-13640 | LOW | CVSS 3.5 | fixed in chromium 143.0.7499.40-1~deb12u1 (bookworm) | 2025
CVE-2025-13640 [LOW] chromium - Inappropriate implementation in Passwords in Google Chrome prior to 143.0.7499.41 allowed a local attacker to bypass authentication via physical access to the device. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 143.0.7499.40-1~deb12u1); bullseye: open; forky: resolved (fixed in 143.0.7499.40-1); sid: resolved (fixed in 143.0.7499.40-1); t
debian
CVE-2025-11219 | LOW | CVSS 3.1 | fixed in chromium 141.0.7390.54-1~deb12u1 (bookworm) | 2025
CVE-2025-11219 [LOW] chromium - Use after free in V8 in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved (fixed in 141.0.7390.54-1~deb12u1); bullseye: open; forky: resolved (fixed in 141.0.7390.54-1); sid: resolved (fixed in 141.0.7390.54-1); trixi
debian
CVE-2025-2783 | LOW | CVSS 8.3 | KEV | PoC | 2025
CVE-2025-2783 [HIGH] chromium - Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2025-12905 | LOW | CVSS 5.4 | 2025
CVE-2025-12905 [MEDIUM] chromium - Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed a remote attacker to bypass Mark of the Web via a crafted HTML page. (Chromium security severity: Low)
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2024-9369 | CRITICAL | CVSS 9.6 | fixed in chromium 129.0.6668.89-1~deb12u1 (bookworm) | 2024
CVE-2024-9369 [CRITICAL] chromium - Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 129.0.6668.89-1~deb12u1); bullseye: open; forky: resolved (fixed in 129.0.6668.8
debian
CVE-2024-1283 | CRITICAL | CVSS 9.8 | fixed in chromium 121.0.6167.160-1~deb12u1 (bookworm) | 2024
CVE-2024-1283 [CRITICAL] chromium - Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local; bookworm: resolved (fixed in 121.0.6167.160-1~deb12u1); bullseye: open; forky: resolved (fixed in 121.0.6167.160-1); sid: resolved (fixed in 121.0.6167.160-1); t
debian