Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8
Vulnerabilities
CVE-2024-7964 [HIGH] CVSS 8.8, fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm), 2024
Use after free in Passwords in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.84-1)
sid: resolved (fixed in 128.0.6613.84-1)
CVE-2024-2173 [HIGH] CVSS 8.8, fixed in chromium 122.0.6261.111-1~deb12u1 (bookworm), 2024
Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 122.0.6261.111-1~deb12u1)
bullseye: open
forky: resolved (fixed in 122.0.6261.111-1)
sid: resolved (fixed in 122.0.6261.111-1)
CVE-2024-5158 [HIGH] CVSS 8.1, fixed in chromium 125.0.6422.76-1~deb12u1 (bookworm), 2024
Type Confusion in V8 in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to potentially perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 125.0.6422.76-1~deb12u1)
bullseye: open
forky: resolved (fixed in 125.0.6422.76-1)
sid: resolved (fixed in 125.0.6422.76-1)
trixie: reso
CVE-2024-1077 [HIGH] CVSS 8.8, fixed in chromium 121.0.6167.139-1~deb12u1 (bookworm), 2024
Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 121.0.6167.139-1~deb12u1)
bullseye: open
forky: resolved (fixed in 121.0.6167.139-1)
sid: resolved (fixed in 121.0.6167.139-1)
trixie: res
CVE-2024-7977 [HIGH] CVSS 7.8, fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm), 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.84-1)
sid: resolved (fixed in 128.0.6613.
CVE-2024-3176 [HIGH] CVSS 8.8, fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm), 2024
Out of bounds write in SwiftShader in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.62-1~deb11u1)
forky: resolved (fixed in 117.0.5938.62-1)
sid
CVE-2024-5497 [HIGH] CVSS 8.8, fixed in chromium 125.0.6422.141-1~deb12u1 (bookworm), 2024
Out of bounds memory access in Browser UI in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 125.0.6422.141-1~deb12u1)
bullseye: open
forky: resolved (fixed
CVE-2024-10229 [HIGH] CVSS 8.1, fixed in chromium 130.0.6723.69-1~deb12u1 (bookworm), 2024
Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 130.0.6723.69-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130.0.6723.69-1)
sid: resolved (fixed in 130.0.6723.69-1)
CVE-2024-0813 [HIGH] CVSS 8.8, fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm), 2024
Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 121.0.6167.
CVE-2024-9954 [HIGH] CVSS 8.8, fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm), 2024
Use after free in AI in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130.0.6723.58-1)
sid: resolved (fixed in 130.0.6723.58-1)
trixie: resolved
CVE-2024-9602 [HIGH] CVSS 8.8, fixed in chromium 129.0.6668.100-1~deb12u1 (bookworm), 2024
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 129.0.6668.100-1~deb12u1)
bullseye: open
forky: resolved (fixed in 129.0.6668.100-1)
sid: resolved (fixed in 129.0.6668.100-1)
trixie: res
CVE-2024-11115 [HIGH] CVSS 8.8, fixed in chromium 131.0.6778.85-1~deb12u1 (bookworm), 2024
Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 131.0.6778.85-1)
sid: resolved (fixed in 1
CVE-2024-7025 [HIGH] CVSS 8.8, fixed in chromium 129.0.6668.89-1~deb12u1 (bookworm), 2024
Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 129.0.6668.89-1~deb12u1)
bullseye: open
forky: resolved (fixed in 129.0.6668.89-1)
sid: resolved (fixed in 129.0.6668.89-1)
trixie: res
CVE-2024-3174 [HIGH] CVSS 8.8, fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm), 2024
Inappropriate implementation in V8 in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1)
forky: resolved (fixed in 119.0.6045.105-1)
CVE-2024-6102 [HIGH] CVSS 8.8, fixed in chromium 126.0.6478.114-1~deb12u1 (bookworm), 2024
Out of bounds memory access in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 126.0.6478.114-1~deb12u1)
bullseye: open
forky: resolved (fixed in 126.0.6478.114-1)
sid: resolved (fixed in 126.0.6478.114-1
CVE-2024-6776 [HIGH] CVSS 8.8, fixed in chromium 126.0.6478.182-1~deb12u1 (bookworm), 2024
Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1)
bullseye: open
forky: resolved (fixed in 126.0.6478.182-1)
sid: resolved (fixed in 126.0.6478.182-1)
trixie: re
CVE-2024-9961 [HIGH] CVSS 8.8, fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm), 2024
Use after free in ParcelTracking in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1)
bullseye: open
forky: resolved (fixed in
CVE-2024-3169 [HIGH] CVSS 8.8, fixed in chromium 121.0.6167.139-1~deb12u1 (bookworm), 2024
Use after free in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 121.0.6167.139-1~deb12u1)
bullseye: open
forky: resolved (fixed in 121.0.6167.139-1)
sid: resolved (fixed in 121.0.6167.139-1)
trixie: resol
CVE-2024-3159 [HIGH] CVSS 8.8, fixed in chromium 123.0.6312.105-1~deb12u1 (bookworm), 2024
Out of bounds memory access in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 123.0.6312.105-1~deb12u1)
bullseye: open
forky: resolved (fixed in 123.0.6312.105-1)
sid: resolved (fixed in 123.0.6312.105-1)
trixie:
CVE-2024-2174 [HIGH] CVSS 8.8, fixed in chromium 122.0.6261.111-1~deb12u1 (bookworm), 2024
Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 122.0.6261.111-1~deb12u1)
bullseye: open
forky: resolved (fixed in 122.0.6261.111-1)
sid: resolved (fixed in 122.0.6261.111-1)