Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 actively exploited
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 2 of 109
CVE-2026-5907 [HIGH] CVSS 8.1, fixed in chromium 147.0.7727.55-1 (sid), 2026
Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-5279 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm), 2026
Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.177-1); sid: resolved (fixed in 146.0.7680.177-1); trixie

CVE-2026-0902 [HIGH] CVSS 8.8, fixed in chromium 144.0.7559.59-1~deb12u1 (bookworm), 2026
Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 144.0.7559.59-1~deb12u1); bullseye: open; forky: resolved (fixed in 144.0.7559.59-1); sid: resolved (fixed in 144.0.7559.59-1)

CVE-2026-4680 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.164-1~deb12u1 (bookworm), 2026
Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.164-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.164-1); sid: resolved (fixed in 146.0.7680.164-1); trixie

CVE-2026-4452 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm), 2026
Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.153-1); sid: resolved (fixed in 146.0.7680.153-

CVE-2026-5868 [HIGH] CVSS 8.8, fixed in chromium 147.0.7727.55-1 (sid), 2026
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-4463 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm), 2026
Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.153-1); sid: resolved (fixed in 146.0.7680.153-1); tri

CVE-2026-5278 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm), 2026
Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.177-1); sid: resolved (fixed in 146.0.7680.177-1); trixie: r

CVE-2026-4459 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm), 2026
Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.153-1); sid: resolved (fixed in 146.0.7680.

CVE-2026-5292 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm), 2026
Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.177-1); sid: resolved (fixed in 146.0.7680.177-1)

CVE-2026-5866 [HIGH] CVSS 8.8, fixed in chromium 147.0.7727.55-1 (sid), 2026
Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-5870 [HIGH] CVSS 8.8, fixed in chromium 147.0.7727.55-1 (sid), 2026
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-3921 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm), 2026
Use after free in TextEncoding in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.71-1); sid: resolved (fixed in 146.0.7680.71-1); trixie:

CVE-2026-3536 [HIGH] CVSS 8.8, fixed in chromium 145.0.7632.159-1~deb12u1 (bookworm), 2026
Integer overflow in ANGLE in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 145.0.7632.159-1~deb12u1); bullseye: open; forky: resolved (fixed in 145.0.7632.159-1); sid: resolved (fixed in 145.0.7632

CVE-2026-4458 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm), 2026
Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680

CVE-2026-5904 [HIGH] CVSS 8.8, fixed in chromium 147.0.7727.55-1 (sid), 2026
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-3539 [HIGH] CVSS 8.8, fixed in chromium 145.0.7632.159-1~deb12u1 (bookworm), 2026
Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 145.0.7632.159-1~deb12u1); bullseye: open; forky: resolved (fixed in 145.

CVE-2026-5871 [HIGH] CVSS 8.8, fixed in chromium 147.0.7727.55-1 (sid), 2026
Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open

CVE-2026-3923 [HIGH] CVSS 8.8, fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm), 2026
Use after free in WebMIDI in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1); bullseye: open; forky: resolved (fixed in 146.0.7680.71-1); sid: resolved (fixed in 146.0.7680.71-1); trixie: reso

CVE-2026-5914 [HIGH] CVSS 8.8, fixed in chromium 147.0.7727.55-1 (sid), 2026
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local
bookworm: open; bullseye: open; forky: open; sid: resolved (fixed in 147.0.7727.55-1); trixie: open