Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs

2,176

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL102HIGH1256MEDIUM754LOW56UNKNOWN8

Vulnerabilities

Page 22 of 109

CVE-2024-5838HIGHCVSS 8.8fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm)2024

CVE-2024-5838 [HIGH] CVE-2024-5838: chromium - Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote at... Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixie: resolved

debian

CVE-2024-4331HIGHCVSS 8.8fixed in chromium 124.0.6367.118-1~deb12u1 (bookworm)2024

CVE-2024-4331 [HIGH] CVE-2024-4331: chromium - Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 al... Use after free in Picture In Picture in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 124.0.6367.118-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.118-1) sid: resolved (fixed in 124.0.6367.118-

debian

CVE-2024-6774HIGHCVSS 8.8fixed in chromium 126.0.6478.182-1~deb12u1 (bookworm)2024

CVE-2024-6774 [HIGH] CVE-2024-6774: chromium - Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowe... Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.

debian

CVE-2024-6103HIGHCVSS 8.8fixed in chromium 126.0.6478.114-1~deb12u1 (bookworm)2024

CVE-2024-6103 [HIGH] CVE-2024-6103: chromium - Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote... Use after free in Dawn in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.114-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.114-1) sid: resolved (fixed in 126.0.6478.114-1) trixie: res

debian

CVE-2024-5834HIGHCVSS 8.8fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm)2024

CVE-2024-5834 [HIGH] CVE-2024-5834: chromium - Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 all... Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixie: resolv

debian

CVE-2024-2885HIGHCVSS 8.8fixed in chromium 123.0.6312.86-1~deb12u1 (bookworm)2024

CVE-2024-2885 [HIGH] CVE-2024-2885: chromium - Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote ... Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.86-1) sid: resolved (fixed in 123.0.6312.86-1) trixie: resolve

debian

CVE-2024-8905HIGHCVSS 8.8fixed in chromium 129.0.6668.58-1~deb12u1 (bookworm)2024

CVE-2024-8905 [HIGH] CVE-2024-8905: chromium - Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allow... Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 129.0.6668.58-1~deb12u1) bullseye: open forky: resolved (fixed in 129.0.6668.58-1) sid: resolved (fixed in 129.0.6668.58-1)

debian

CVE-2024-9859HIGHCVSS 8.8fixed in chromium 126.0.6478.126-1~deb12u1 (bookworm)2024

CVE-2024-9859 [HIGH] CVE-2024-9859: chromium - Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a... Type confusion in WebAssembly in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.126-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.126-1) sid: resolved (fixed in 126.0.6478.126-1) trixie: resolved

debian

CVE-2024-0806HIGHCVSS 8.8fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm)2024

CVE-2024-0806 [HIGH] CVE-2024-0806: chromium - Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a re... Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1) bullseye: open forky: resolved (fixed in 121.0.6167.85-1) sid: resolved (fixed in 121.0.6167.85-1) trix

debian

CVE-2024-8194HIGHCVSS 8.8fixed in chromium 128.0.6613.113-1~deb12u1 (bookworm)2024

CVE-2024-8194 [HIGH] CVE-2024-8194: chromium - Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote a... Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 128.0.6613.113-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.113-1) sid: resolved (fixed in 128.0.6613.113-1) trixie: resol

debian

CVE-2024-4761HIGHCVSS 8.8KEVfixed in chromium 124.0.6367.207-1~deb12u1 (bookworm)2024

CVE-2024-4761 [HIGH] CVE-2024-4761: chromium - Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a rem... Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 124.0.6367.207-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.207-1) sid: resolved (fixed in 124.0.6367.207-1) trixie

debian

CVE-2024-5841HIGHCVSS 8.8fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm)2024

CVE-2024-5841 [HIGH] CVE-2024-5841: chromium - Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote at... Use after free in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixie: resolve

debian

CVE-2024-1669HIGHCVSS 8.8fixed in chromium 122.0.6261.57-1~deb12u1 (bookworm)2024

CVE-2024-1669 [HIGH] CVE-2024-1669: chromium - Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 all... Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1) bullseye: open forky: resolved (fixed in 122.0.6261.57-1) sid: resolved (fixed in 122.0.6261.57-1) t

debian

CVE-2024-6989HIGHCVSS 8.8fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm)2024

CVE-2024-6989 [HIGH] CVE-2024-6989: chromium - Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remot... Use after free in Loader in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.88-1) sid: resolved (fixed in 127.0.6533.88-1) trixie: resol

debian

CVE-2024-3172HIGHCVSS 8.8fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm)2024

CVE-2024-3172 [HIGH] CVE-2024-3172: chromium - Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85... Insufficient data validation in DevTools in Google Chrome prior to 121.0.6167.85 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1) bullseye: open forky: resolved (fixed in 121.0.6167.85

debian

CVE-2024-6988HIGHCVSS 8.8fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm)2024

CVE-2024-6988 [HIGH] CVE-2024-6988: chromium - Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allow... Use after free in Downloads in Google Chrome on iOS prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.88-1) sid: resolved (fixed in 127.0.6533.88-1) tri

debian

CVE-2024-0518HIGHCVSS 8.8fixed in chromium 120.0.6099.224-1~deb12u1 (bookworm)2024

CVE-2024-0518 [HIGH] CVE-2024-0518: chromium - Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote a... Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 120.0.6099.224-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.224-1~deb11u1) forky: resolved (fixed in 120.0.6099.224-1) sid: resolved (

debian

CVE-2024-5846HIGHCVSS 8.8fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm)2024

CVE-2024-5846 [HIGH] CVE-2024-5846: chromium - Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remot... Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixie: reso

debian

CVE-2024-10826HIGHCVSS 8.8fixed in chromium 130.0.6723.116-1~deb12u1 (bookworm)2024

CVE-2024-10826 [HIGH] CVE-2024-10826: chromium - Use after free in Family Experiences in Google Chrome on Android prior to 130.0.... Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 130.0.6723.116-1~deb12u1) bullseye: open forky: resolved (fixed in 130.0.6723.116-1) sid: resolved (fixed in 13

debian

CVE-2024-0812HIGHCVSS 8.8fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm)2024

CVE-2024-0812 [HIGH] CVE-2024-0812: chromium - Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.61... Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1) bullseye: open forky: resolved (fixed in 121.0.6167.85-1) sid: resolved (fixed in 121.0.6

debian

← Previous22 / 109Next →