Debian Chromium vulnerabilities

CVE-2024-3158 [HIGH] CVE-2024-3158: chromium - Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a r... Use after free in Bookmarks in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 123.0.6312.105-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.105-1) sid: resolved (fixed in 123.0.6312.105-1) trixie

CVE-2024-5832 [HIGH] CVE-2024-5832: chromium - Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote ... Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixie: resolve

CVE-2024-5842 [HIGH] CVE-2024-5842: chromium - Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a r... Use after free in Browser UI in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.647

CVE-2024-5833 [HIGH] CVE-2024-5833: chromium - Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote at... Type Confusion in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 126.0.6478.56-1) trixi

CVE-2024-7534 [HIGH] CVE-2024-7534: chromium - Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a... Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 127.0.6533.99-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.99-1) sid: resolved (fixed in 127.0.6533.99-1) trixie:

CVE-2024-12382 [HIGH] CVE-2024-12382: chromium - Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a r... Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 131.0.6778.139-1~deb12u1) bullseye: open forky: resolved (fixed in 131.0.6778.139-1) sid: resolved (fixed in 131.0.6778.139-1) trix

CVE-2024-9960 [HIGH] CVE-2024-9960: chromium - Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote ... Use after free in Dawn in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1) bullseye: open forky: resolved (fixed in 130.0.6723.58-1) sid: resolved (fixed in 130.0.6723.58-1) trixie: resol

CVE-2024-7968 [HIGH] CVE-2024-7968: chromium - Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a rem... Use after free in Autofill in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who had convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1) bullseye: open forky: resolved (fixed in 128.

CVE-2024-1674 [HIGH] CVE-2024-1674: chromium - Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.... Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1) bullseye: open forky: resolved (fixed in 122.0.6261.57-1) sid: resolved (fixed in 122.0.6261.57-1

CVE-2024-6290 [HIGH] CVE-2024-6290: chromium - Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote... Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.126-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.126-1) sid: resolved (fixed in 126.0.6478.126-1) trixie: res

CVE-2024-7256 [HIGH] CVE-2024-7256: chromium - Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.... Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.88-1) sid: resolved (fixed in 127.0.6533.88-1) tri

CVE-2024-5495 [HIGH] CVE-2024-5495: chromium - Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote... Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 125.0.6422.141-1~deb12u1) bullseye: open forky: resolved (fixed in 125.0.6422.141-1) sid: resolved (fixed in 125.0.6422.141-1) trixie: res

CVE-2024-12694 [HIGH] CVE-2024-12694: chromium - Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a... Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 131.0.6778.204-1~deb12u1) bullseye: open forky: resolved (fixed in 131.0.6778.204-1) sid: resolved (fixed in 131.0.6778.204-1) tr

CVE-2024-3832 [HIGH] CVE-2024-3832: chromium - Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote... Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.60-1) sid: resolved (fixed in 124.0.6367.60-1) trixie: reso

CVE-2024-9123 [HIGH] CVE-2024-9123: chromium - Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remot... Integer overflow in Skia in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 129.0.6668.70-1~deb12u1) bullseye: open forky: resolved (fixed in 129.0.6668.70-1) sid: resolved (fixed in 129.0.6668.70-1) trixie: res

CVE-2024-3833 [HIGH] CVE-2024-3833: chromium - Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed... Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.60-1) sid: resolved (fixed in 124.0.6367.60-1) tri

CVE-2024-5835 [HIGH] CVE-2024-5835: chromium - Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allow... Heap buffer overflow in Tab Groups in Google Chrome prior to 126.0.6478.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.

CVE-2024-7017 [HIGH] CVE-2024-7017: chromium - Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.18... Inappropriate implementation in DevTools in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.182-1) sid: resolved (fixed in 126.0.6478

CVE-2024-2625 [HIGH] CVE-2024-2625: chromium - Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a r... Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.58-1) sid: resolved (fixed in 123.0.6312.58-1) trixie:

CVE-2024-6292 [HIGH] CVE-2024-6292: chromium - Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote... Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.126-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.126-1) sid: resolved (fixed in 126.0.6478.126-1) trixie: res