Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
CVE-2024-8639 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.137-1~deb12u1 (bookworm) | 2024
Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.137-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.137-1)
sid: resolved (fixed in 128.0.6613.137
CVE-2024-0804 | HIGH | CVSS 7.5 | fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm) | 2024
Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 121.0.6167.85-1)
sid: resolved (fixed in 121.0.6167.85-1
CVE-2024-10230 | HIGH | CVSS 8.8 | fixed in chromium 130.0.6723.69-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 130.0.6723.69-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130.0.6723.69-1)
sid: resolved (fixed in 130.0.6723.69-1)
trixie: resolve
CVE-2024-6998 | HIGH | CVSS 8.8 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
Use after free in User Education in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1)
bullseye: open
forky: resolved (fixed in 127.0.
CVE-2024-11395 | HIGH | CVSS 8.8 | fixed in chromium 131.0.6778.85-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 131.0.6778.85-1)
sid: resolved (fixed in 131.0.6778.85-1)
trixie: resolve
CVE-2024-9965 | HIGH | CVSS 8.8 | fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm) | 2024
Insufficient data validation in DevTools in Google Chrome on Windows prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130
CVE-2024-5844 | HIGH | CVSS 8.8 | fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in Tab Strip in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1)
bullseye: open
forky: resolved (fixed in 126.0.6478.56-1)
sid: resolved (fixed in 126.0.6478.56-1)
t
CVE-2024-1060 | HIGH | CVSS 8.8 | fixed in chromium 121.0.6167.139-1~deb12u1 (bookworm) | 2024
Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 121.0.6167.139-1~deb12u1)
bullseye: open
forky: resolved (fixed in 121.0.6167.139-1)
sid: resolved (fixed in 121.0.6167.139-1)
trixie: r
CVE-2024-3156 | HIGH | CVSS 8.8 | fixed in chromium 123.0.6312.105-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in V8 in Google Chrome prior to 123.0.6312.105 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 123.0.6312.105-1~deb12u1)
bullseye: open
forky: resolved (fixed in 123.0.6312.105-1)
sid: resolved (fixed in 123.0
CVE-2024-5160 | HIGH | CVSS 8.8 | fixed in chromium 125.0.6422.76-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 125.0.6422.76-1~deb12u1)
bullseye: open
forky: resolved (fixed in 125.0.6422.76-1)
sid: resolved (fixed in 125.0.6422.76-1)
trixie:
CVE-2024-7965 | HIGH | CVSS 8.8 | KEV | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.84-1)
sid: resolved (fixed in 128.0.6613.84-1)
tri
CVE-2024-8198 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.113-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.113 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.113-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.113-1)
sid: r
CVE-2024-8362 | HIGH | CVSS 8.8 | fixed in chromium 128.0.6613.119-1~deb12u1 (bookworm) | 2024
Use after free in WebAudio in Google Chrome prior to 128.0.6613.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 128.0.6613.119-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.119-1)
sid: resolved (fixed in 128.0.6613.119-1)
trixie:
CVE-2024-11113 | HIGH | CVSS 8.8 | fixed in chromium 131.0.6778.85-1~deb12u1 (bookworm) | 2024
Use after free in Accessibility in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 131.0.6778.85-1)
si
CVE-2024-10231 | HIGH | CVSS 8.8 | fixed in chromium 130.0.6723.69-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 130.0.6723.69-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130.0.6723.69-1)
sid: resolved (fixed in 130.0.6723.69-1)
trixie: resolve
CVE-2024-5493 | HIGH | CVSS 8.8 | fixed in chromium 125.0.6422.141-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 125.0.6422.141-1~deb12u1)
bullseye: open
forky: resolved (fixed in 125.0.6422.141-1)
sid: resolved (fixed in 125.0.6422.141-1)
tri
CVE-2024-12692 | HIGH | CVSS 8.8 | fixed in chromium 131.0.6778.204-1~deb12u1 (bookworm) | 2024
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 131.0.6778.204-1~deb12u1)
bullseye: open
forky: resolved (fixed in 131.0.6778.204-1)
sid: resolved (fixed in 131.0.6778.204-1)
trixie: res
CVE-2024-11116 | MEDIUM | CVSS 4.3 | fixed in chromium 131.0.6778.85-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 131.0.6778.85
CVE-2024-7976 | MEDIUM | CVSS 4.3 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in FedCM in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.84-1)
sid: resolved (fixed in 128.0.6613.84-1)
trixie: reso
CVE-2024-8034 | MEDIUM | CVSS 4.3 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.84-1)
sid: resolved (fixed in 128.0.6613.84-1