Debian Chromium vulnerabilities

CVE-2024-6779 [CRITICAL] CVE-2024-6779: chromium - Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allow... Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.182-1) sid: resolved (fixed in 126.0.6478.18

CVE-2024-7024 [CRITICAL] CVE-2024-7024: chromium - Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allow... Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1)

CVE-2024-1284 [CRITICAL] CVE-2024-1284: chromium - Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote... Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 121.0.6167.160-1~deb12u1) bullseye: open forky: resolved (fixed in 121.0.6167.160-1) sid: resolved (fixed in 121.0.6167.160-1) trixie:

CVE-2024-0808 [CRITICAL] CVE-2024-0808: chromium - Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a rem... Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1) bullseye: open forky: resolved (fixed in 121.0.6167.85-1) sid: resolved (fixed in 121.0.6167.85-1) trixie: re

CVE-2024-5274 [CRITICAL] CVE-2024-5274: chromium - Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote a... Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 125.0.6422.112-1~deb12u1) bullseye: open forky: resolved (fixed in 125.0.6422.112-1) sid: resolved (fixed in 125.0.6422.112-1) trixi

CVE-2024-7971 [CRITICAL] CVE-2024-7971: chromium - Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote at... Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.84-1) sid: resolved (fixed in 128.0.6613.84-1) trixie: resolved (fixed i

CVE-2024-4558 [CRITICAL] CVE-2024-4558: chromium - Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remot... Use after free in ANGLE in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 124.0.6367.155-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.155-1) sid: resolved (fixed in 124.0.6367.155-1) trixie

CVE-2024-4671 [CRITICAL] CVE-2024-4671: chromium - Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a rem... Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 124.0.6367.201-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.201-1) sid:

CVE-2024-4947 [CRITICAL] CVE-2024-4947: chromium - Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote at... Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 125.0.6422.60-1~deb12u1) bullseye: open forky: resolved (fixed in 125.0.6422.60-1) sid: resolved (fixed in 125.0.6422.60-1) trixie: r

CVE-2024-3157 [CRITICAL] CVE-2024-3157: chromium - Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.... Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 123.0.6312.122-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.631

CVE-2024-7973 [HIGH] CVE-2024-7973: chromium - Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a... Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.84-1) sid: resolved (fixed in 128.0.6613.84-1) trixi

CVE-2024-9956 [HIGH] CVE-2024-9956: chromium - Inappropriate implementation in WebAuthentication in Google Chrome on Android pr... Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1) bullseye: open forky: resolved (fixed in 130.0.6723.58-1) sid: resolved (fixed in

CVE-2024-7000 [HIGH] CVE-2024-7000: chromium - Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote a... Use after free in CSS in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.88-1)

CVE-2024-7255 [HIGH] CVE-2024-7255: chromium - Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allow... Out of bounds read in WebTransport in Google Chrome prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.88-1) sid: resolved (fixed in 127.0.65

CVE-2024-8193 [HIGH] CVE-2024-8193: chromium - Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a ... Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 128.0.6613.113-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.113-1) sid: r

CVE-2024-8904 [HIGH] CVE-2024-8904: chromium - Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote at... Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 129.0.6668.58-1~deb12u1) bullseye: open forky: resolved (fixed in 129.0.6668.58-1) sid: resolved (fixed in 129.0.6668.58-1) trixie: resolved

CVE-2024-5837 [HIGH] CVE-2024-5837: chromium - Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote at... Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixi

CVE-2024-5830 [HIGH] CVE-2024-5830: chromium - Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote at... Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixie: resolve

CVE-2024-1059 [HIGH] CVE-2024-1059: chromium - Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allow... Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 121.0.6167.139-1~deb12u1) bullseye: open forky: resolved (fixed in 121.0.6167.139-1) sid: resolved (fixed in 121.0.6167.139-1)

CVE-2024-2883 [HIGH] CVE-2024-2883: chromium - Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote... Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Scope: local bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.86-1) sid: resolved (fixed in 123.0.6312.86-1) trixie: re