Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

CVE-2024-9120 | HIGH | CVSS 8.8 | fixed in chromium 129.0.6668.70-1~deb12u1 (bookworm) | 2024
Use after free in Dawn in Google Chrome on Windows prior to 129.0.6668.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 129.0.6668.70-1~deb12u1); bullseye: open; forky: resolved (fixed in 129.0.6668.70-1); sid: resolved (fixed in 129.0.6668.70-1); trix
debian
CVE-2024-7972 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1); bullseye: open; forky: resolved (fixed in 128.0.6613.84-1); sid: resolved (fixed in 128.0.
debian
CVE-2024-7535 | HIGH | CVSS 8.8 | fixed in chromium 127.0.6533.99-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 127.0.6533.99-1~deb12u1); bullseye: open; forky: resolved (fixed in 127.0.6533.99-1); sid: resolved (fixed in 127.0.6533.99-1); tri
debian
CVE-2024-9959 | HIGH | CVSS 8.8 | fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm) | 2024
Use after free in DevTools in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1); bullseye: open; forky: resolved (fixed in 130.0.6723.58-1); si
debian
CVE-2024-7974 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Insufficient data validation in V8 API in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1); bullseye: open; forky: resolved (fixed in 128.0.6613.84-1); sid: resolved (fixed in 128.0.6
debian
CVE-2024-8637 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.137-1~deb12u1 (bookworm) | 2024
Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.137-1~deb12u1); bullseye: open; forky: resolved (fixed in 128.0.6613.137-1); sid: resolved (fixed in 128.0.6613
debian
CVE-2024-6773 | HIGH | CVSS 8.8 | fixed in chromium 126.0.6478.182-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1); bullseye: open; forky: resolved (fixed in 126.0.6478.182-1); sid: resolved (fixed in 126.0.6478.182-1)
debian
CVE-2024-3171 | HIGH | CVSS 8.8 | fixed in chromium 122.0.6261.57-1~deb12u1 (bookworm) | 2024
Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1); bullseye: open; forky: resolved (fixed in 122.0.
debian
CVE-2024-6997 | HIGH | CVSS 8.8 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1); bullseye: open; forky: resolved (fixed in 127.0.6533.88-1)
debian
CVE-2024-7536 | HIGH | CVSS 8.8 | fixed in chromium 127.0.6533.99-1~deb12u1 (bookworm) | 2024
Use after free in WebAudio in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 127.0.6533.99-1~deb12u1); bullseye: open; forky: resolved (fixed in 127.0.6533.99-1); sid: resolved (fixed in 127.0.6533.99-1); trixie: res
debian
CVE-2024-7532 | HIGH | CVSS 8.8 | fixed in chromium 127.0.6533.99-1~deb12u1 (bookworm) | 2024
Out of bounds memory access in ANGLE in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 127.0.6533.99-1~deb12u1); bullseye: open; forky: resolved (fixed in 127.0.6533.99-1); sid: resolved (fixed in 127.0.6533.99-
debian
CVE-2024-10827 | HIGH | CVSS 8.8 | fixed in chromium 130.0.6723.116-1~deb12u1 (bookworm) | 2024
Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 130.0.6723.116-1~deb12u1); bullseye: open; forky: resolved (fixed in 130.0.6723.116-1); sid: resolved (fixed in 130.0.6723.116-1); trixie:
debian
CVE-2024-5847 | HIGH | CVSS 8.8 | fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm) | 2024
Use after free in PDFium in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1); bullseye: open; forky: resolved (fixed in 126.0.6478.56-1); sid: resolved (fixed in 126.0.6478.56-1); trixie: reso
debian
CVE-2024-5831 | HIGH | CVSS 8.8 | fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm) | 2024
Use after free in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1); bullseye: open; forky: resolved (fixed in 126.0.6478.56-1); sid: resolved (fixed in 126.0.6478.56-1); trixie: resolve
debian
CVE-2024-0224 | HIGH | CVSS 8.8 | fixed in chromium 120.0.6099.199-1~deb12u1 (bookworm) | 2024
Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 120.0.6099.199-1~deb12u1); bullseye: resolved (fixed in 120.0.6099.199-1~deb11u1); forky: resolved (fixed in 120.0.6099.199-1); sid: reso
debian
CVE-2024-7550 | HIGH | CVSS 8.8 | fixed in chromium 127.0.6533.99-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 127.0.6533.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 127.0.6533.99-1~deb12u1); bullseye: open; forky: resolved (fixed in 127.0.6533.99-1); sid: resolved (fixed in 127.0.6533.99-1); trixie: resolved
debian
CVE-2024-1670 | HIGH | CVSS 8.8 | fixed in chromium 122.0.6261.57-1~deb12u1 (bookworm) | 2024
Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1); bullseye: open; forky: resolved (fixed in 122.0.6261.57-1); sid: resolved (fixed in 122.0.6261.57-1); trixie: resolve
debian
CVE-2024-5499 | HIGH | CVSS 8.8 | fixed in chromium 125.0.6422.141-1~deb12u1 (bookworm) | 2024
Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 125.0.6422.141-1~deb12u1); bullseye: open; forky: resolved (fixed in 125.0.6422.141-1); sid: resolved (fixed in 125.0.6422.14
debian
CVE-2024-5159 | HIGH | CVSS 8.8 | fixed in chromium 125.0.6422.76-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in ANGLE in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 125.0.6422.76-1~deb12u1); bullseye: open; forky: resolved (fixed in 125.0.6422.76-1); sid: resolved (fixed in 125.0.6422.76-1); trixie:
debian
CVE-2024-3170 | HIGH | CVSS 8.8 | fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm) | 2024
Use after free in WebRTC in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1); bullseye: open; forky: resolved (fixed in 121.0.6167.85-1); sid: resolved (fixed in 121.0.6167.85-1); trixie: resol
debian