Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2024-7967 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in Fonts in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1); bullseye: open; forky: resolved (fixed in 128.0.6613.84-1); sid: resolved (fixed in 128.0.6613.84-1); trixie:
debian
CVE-2024-7979 | HIGH | CVSS 7.8 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1); bullseye: open; forky: resolved (fixed in 128.0.6613.84-1); sid: resolved (fixed in 128.
debian
CVE-2024-8638 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.137-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.137-1~deb12u1); bullseye: open; forky: resolved (fixed in 128.0.6613.137-1); sid: resolved (fixed in 128.0.6613.137-1); trixie: res
debian
CVE-2024-3834 | HIGH | CVSS 8.8 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1); bullseye: open; forky: resolved (fixed in 124.0.6367.60-1); sid: resolved (fixed in 124.0.6367.60-1); trixie: re
debian
CVE-2024-1938 | HIGH | CVSS 8.8 | fixed in chromium 122.0.6261.94-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 122.0.6261.94-1~deb12u1); bullseye: open; forky: resolved (fixed in 122.0.6261.94-1); sid: resolved (fixed in 122.0.6261.94-1); trixie: resolve
debian
CVE-2024-3173 | HIGH | CVSS 8.8 | fixed in chromium 120.0.6099.71-1~deb12u1 (bookworm) | 2024
Insufficient data validation in Updater in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 120.0.6099.71-1~deb12u1); bullseye: resolved (fixed in 120.0.6099.71-1~deb11u1); forky: resolved (fixed in 120.0.6099.71-1); s
debian
CVE-2024-6990 | HIGH | CVSS 8.8 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1); bullseye: open; forky: resolved (fixed in 127.0.6533.88-1); sid: resolved (fixed in 12
debian
CVE-2024-2627 | HIGH | CVSS 8.8 | fixed in chromium 123.0.6312.86-1~deb12u1 (bookworm) | 2024
Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1); bullseye: open; forky: resolved (fixed in 123.0.6312.58-1); sid: resolved (fixed in 123.0.6312.58-1); trixie: res
debian
CVE-2024-10487 | HIGH | CVSS 8.8 | fixed in chromium 130.0.6723.91-1~deb12u1 (bookworm) | 2024
Out of bounds write in Dawn in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 130.0.6723.91-1~deb12u1); bullseye: open; forky: resolved (fixed in 130.0.6723.91-1); sid: resolved (fixed in 130.0.6723.91-1); trix
debian
CVE-2024-12693 | HIGH | CVSS 8.8 | fixed in chromium 131.0.6778.204-1~deb12u1 (bookworm) | 2024
Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 131.0.6778.204-1~deb12u1); bullseye: open; forky: resolved (fixed in 131.0.6778.204-1); sid: resolved (fixed in 131.0.6778.2
debian
CVE-2024-9603 | HIGH | CVSS 8.8 | fixed in chromium 129.0.6668.100-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 129.0.6668.100 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 129.0.6668.100-1~deb12u1); bullseye: open; forky: resolved (fixed in 129.0.6668.100-1); sid: resolved (fixed in 129.0.6668.100-1); trixie: resol
debian
CVE-2024-8636 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.137-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.137-1~deb12u1); bullseye: open; forky: resolved (fixed in 128.0.6613.137-1); sid: resolved (fixed in 128.0.6613.137-1); trixi
debian
CVE-2024-0517 | HIGH | CVSS 8.8 | fixed in chromium 120.0.6099.224-1~deb12u1 (bookworm) | 2024
Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 120.0.6099.224-1~deb12u1); bullseye: resolved (fixed in 120.0.6099.224-1~deb11u1); forky: resolved (fixed in 120.0.6099.224-1); sid: resol
debian
CVE-2024-6994 | HIGH | CVSS 8.8 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in Layout in Google Chrome prior to 127.0.6533.72 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1); bullseye: open; forky: resolved (fixed in 127.0.6533.88-1); sid: resolved (fixed in 127.0.6533.88-1); trixi
debian
CVE-2024-1939 | HIGH | CVSS 8.8 | fixed in chromium 122.0.6261.94-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 122.0.6261.94-1~deb12u1); bullseye: open; forky: resolved (fixed in 122.0.6261.94-1); sid: resolved (fixed in 122.0.6261.94-1); trixie: resolved
debian
CVE-2024-6772 | HIGH | CVSS 8.8 | fixed in chromium 126.0.6478.182-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1); bullseye: open; forky: resolved (fixed in 126.0.6478.182-1); sid: resolved (fixed in 126.0.6478.182-1)
debian
CVE-2024-4058 | HIGH | CVSS 8.8 | fixed in chromium 124.0.6367.78-1~deb12u1 (bookworm) | 2024
Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 124.0.6367.78-1~deb12u1); bullseye: open; forky: resolved (fixed in 124.0.6367.78-1); sid: resolved (fixed in 124.0.6367.78-1); trixie: re
debian
CVE-2024-0807 | HIGH | CVSS 8.8 | fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm) | 2024
Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1); bullseye: open; forky: resolved (fixed in 121.0.6167.85-1); sid: resolved (fixed in 121.0.6167.85-1); trixie: re
debian
CVE-2024-12053 | HIGH | CVSS 8.8 | fixed in chromium 131.0.6778.108-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 131.0.6778.108-1~deb12u1); bullseye: open; forky: resolved (fixed in 131.0.6778.108-1); sid: resolved (fixed in 131.0.6778.108-1); trixie: r
debian
CVE-2024-10488 | HIGH | CVSS 8.8 | fixed in chromium 130.0.6723.91-1~deb12u1 (bookworm) | 2024
Use after free in WebRTC in Google Chrome prior to 130.0.6723.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 130.0.6723.91-1~deb12u1); bullseye: open; forky: resolved (fixed in 130.0.6723.91-1); sid: resolved (fixed in 130.0.6723.91-1); trixie: res
debian