Debian Chromium vulnerabilities

CVE-2024-0222 [HIGH] CVE-2024-0222: chromium - Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remot... Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 120.0.6099.199-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.199-1~deb11u1) forky: resolved

CVE-2024-5157 [HIGH] CVE-2024-5157: chromium - Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a r... Use after free in Scheduling in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 125.0.6422.76-1~deb12u1) bullseye: open forky: resolved (fixed in 125.0.6422.76-1) sid: resolved (fixed in 125.0.6422.76-1) trixi

CVE-2024-2887 [HIGH] CVE-2024-2887: chromium - Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a ... Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.86-1) sid: resolved (fixed in 123.0.6312.86-1) trixie: resolved (fix

CVE-2024-0223 [HIGH] CVE-2024-0223: chromium - Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a... Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 120.0.6099.199-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.199-1~deb11u1) forky: resolved (fixed in 120.0.6099.199-1) sid: r

CVE-2024-6100 [HIGH] CVE-2024-6100: chromium - Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote a... Type Confusion in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.114-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.114-1) sid: resolved (fixed in 126.0.6478.114-1) trixie: resolved (fixed in

CVE-2024-7018 [HIGH] CVE-2024-7018: chromium - Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a re... Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 124.0.6367.78-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.78-1) sid: resolved (fixed in 124.0.6367.78-1) trixie: r

CVE-2024-6775 [HIGH] CVE-2024-6775: chromium - Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed ... Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.64

CVE-2024-9122 [HIGH] CVE-2024-9122: chromium - Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote at... Type Confusion in V8 in Google Chrome prior to 129.0.6668.70 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 129.0.6668.70-1~deb12u1) bullseye: open forky: resolved (fixed in 129.0.6668.70-1) sid: resolved (fixed in 129.0.6668.70-1) trixie: resolved

CVE-2024-2400 [HIGH] CVE-2024-2400: chromium - Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 a... Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 122.0.6261.128-1~deb12u1) bullseye: open forky: resolved (fixed in 122.0.6261.128-1) sid: resolved (fixed in 122.0.6261.128

CVE-2024-6778 [HIGH] CVE-2024-6778: chromium - Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker wh... Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.1

CVE-2024-2176 [HIGH] CVE-2024-2176: chromium - Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remot... Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 122.0.6261.111-1~deb12u1) bullseye: open forky: resolved (fixed in 122.0.6261.111-1) sid: resolved (fixed in 122.0.6261.111-1) trixie: re

CVE-2024-6291 [HIGH] CVE-2024-6291: chromium - Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a... Use after free in Swiftshader in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.126-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.126-1) sid: resolved (fixed in 126.0.6478.126-1) trix

CVE-2024-12695 [HIGH] CVE-2024-12695: chromium - Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a rem... Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 131.0.6778.204-1~deb12u1) bullseye: open forky: resolved (fixed in 131.0.6778.204-1) sid: resolved (fixed in 131.0.6778.204-1) tr

CVE-2024-1673 [HIGH] CVE-2024-1673: chromium - Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed ... Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1) bullseye: open forky: resolved (fixed in 122.0.6261.57-1) sid

CVE-2024-9955 [HIGH] CVE-2024-9955: chromium - Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allo... Use after free in WebAuthentication in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1) bullseye: open forky: resolved (fixed in 130.0.6723.58-1) sid: resolved (fixed in 130.0.6723.58-1)

CVE-2024-7980 [HIGH] CVE-2024-7980: chromium - Insufficient data validation in Installer in Google Chrome on Windows prior to 1... Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a crafted symbolic link. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.84-1) sid: resolved (fixed in 128.

CVE-2024-5836 [HIGH] CVE-2024-5836: chromium - Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54... Inappropriate Implementation in DevTools in Google Chrome prior to 126.0.6478.54 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56

CVE-2024-7970 [HIGH] CVE-2024-7970: chromium - Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a rem... Out of bounds write in V8 in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 128.0.6613.119-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.119-1) sid: resolved (fixed in 128.0.6613.119-1) trixie:

CVE-2024-6293 [HIGH] CVE-2024-6293: chromium - Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote... Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.126-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.126-1) sid: resolved (fixed in 126.0.6478.126-1) trixie: res

CVE-2024-4368 [HIGH] CVE-2024-4368: chromium - Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote... Use after free in Dawn in Google Chrome prior to 124.0.6367.118 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 124.0.6367.118-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.118-1) sid: resolved (fixed in 124.0.6367.118-1) trixie: res