Debian Chromium vulnerabilities

CVE-2024-5496 [HIGH] CVE-2024-5496: chromium - Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed... Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 125.0.6422.141-1~deb12u1) bullseye: open forky: resolved (fixed in 125.0.6422.141-1) sid: resolved (fixed in 125.0.6422.141-1

CVE-2024-12381 [HIGH] CVE-2024-12381: chromium - Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote a... Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 131.0.6778.139-1~deb12u1) bullseye: open forky: resolved (fixed in 131.0.6778.139-1) sid: resolved (fixed in 131.0.6778.139-1) trixie: res

CVE-2024-11114 [HIGH] CVE-2024-11114: chromium - Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0... Inappropriate implementation in Views in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1) bullseye: open forky: resolved (fixed in 1

CVE-2024-11112 [HIGH] CVE-2024-11112: chromium - Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allow... Use after free in Media in Google Chrome on Windows prior to 131.0.6778.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1) bullseye: open forky: resolved (fixed in 131.0.6778.85-1) sid: resolved (fixed in 131.0.6778.85-1)

CVE-2024-6991 [HIGH] CVE-2024-6991: chromium - Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote ... Use after free in Dawn in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.88-1) sid: resolved (fixed in 127.0.6533.88-1) trixie: resolve

CVE-2024-7969 [HIGH] CVE-2024-7969: chromium - Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote a... Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 128.0.6613.113-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.113-1) sid: resolved (fixed in 128.0.6613.113-1) trixie: resol

CVE-2024-0225 [HIGH] CVE-2024-0225: chromium - Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remo... Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 120.0.6099.199-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.199-1~deb11u1) forky: resolved (fixed in 120.0.6099.199-1) sid: resolv

CVE-2024-9957 [HIGH] CVE-2024-9957: chromium - Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a re... Use after free in UI in Google Chrome on iOS prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1) bullseye: open forky: resolved (fixed in 130.0.6723.

CVE-2024-5845 [HIGH] CVE-2024-5845: chromium - Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote... Use after free in Audio in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixie: resol

CVE-2024-7966 [HIGH] CVE-2024-7966: chromium - Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allo... Out of bounds memory access in Skia in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.84-1) si

CVE-2024-3837 [HIGH] CVE-2024-3837: chromium - Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote ... Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.60-1) sid: resolved

CVE-2024-1675 [HIGH] CVE-2024-1675: chromium - Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261... Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1) bullseye: open forky: resolved (fixed in 122.0.6261.57-1) sid: resolved (fixed in 122.0.6261.57-

CVE-2024-7533 [HIGH] CVE-2024-7533: chromium - Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed... Use after free in Sharing in Google Chrome on iOS prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 127.0.6533.99-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.99-1) sid: resolved (fixed in 127.0.6533.99-1) trixi

CVE-2024-3840 [HIGH] CVE-2024-3840: chromium - Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.... Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.60-1) sid: resolved (fixed in 124.0.63

CVE-2024-6101 [HIGH] CVE-2024-6101: chromium - Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allo... Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.114-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.114-1) sid: resolved (fixed in 126.0.6478.114-1)

CVE-2024-9121 [HIGH] CVE-2024-9121: chromium - Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allow... Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 129.0.6668.70-1~deb12u1) bullseye: open forky: resolved (fixed in 129.0.6668.70-1) sid: resolved (fixed in 129.0.66

CVE-2024-2886 [HIGH] CVE-2024-2886: chromium - Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a re... Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.86-1) sid: resolved (fixed in 123.0.6312.86-1) trixie: resolved

CVE-2024-0519 [HIGH] CVE-2024-0519: chromium - Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allow... Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 120.0.6099.224-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.224-1~deb11u1) forky: resolved (fixed in 120.0.6099.224-1) si

CVE-2024-5494 [HIGH] CVE-2024-5494: chromium - Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote... Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 125.0.6422.141-1~deb12u1) bullseye: open forky: resolved (fixed in 125.0.6422.141-1) sid: resolved (fixed in 125.0.6422.141-1) trixie: res

CVE-2024-3168 [HIGH] CVE-2024-3168: chromium - Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a rem... Use after free in DevTools in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1) bullseye: open forky: resolved (fixed in 122.0.6261.57-1) sid: resolved (fixed in 122.0.6261.57-1) trixie: r