Debian Chromium vulnerabilities

CVE-2024-4060 [MEDIUM] CVE-2024-4060: chromium - Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote ... Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 124.0.6367.78-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.78-1) sid: resolved (fixed in 124.0.6367.78-1) trixie: resol

CVE-2024-8907 [MEDIUM] CVE-2024-8907: chromium - Insufficient data validation in Omnibox in Google Chrome on Android prior to 129... Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 129.0.6668.58-1~deb12u1) bullseye: open

CVE-2024-4950 [MEDIUM] CVE-2024-4950: chromium - Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.6... Inappropriate implementation in Downloads in Google Chrome prior to 125.0.6422.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Scope: local bookworm: resolved (fixed in 125.0.6422.60-1~deb12u1) bullseye: open forky: resolved (fixed in 125.0.6422.60-

CVE-2024-8906 [MEDIUM] CVE-2024-8906: chromium - Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allow... Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 129.0.6668.58-1~deb12u1) bullseye: open forky: resolved (fixed in 129.0.6668.58-1) s

CVE-2024-2628 [MEDIUM] CVE-2024-2628: chromium - Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.5... Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.58-1) sid: resolved (fixed in 123.0.6312.58-1) trixie: resolv

CVE-2024-3175 [MEDIUM] CVE-2024-3175: chromium - Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.... Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low) Scope: local bookworm: resolved (fixed in 120.0.6099.71-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.71-1~deb11u1) forky: resolved (fixed in 120.0.6099.71

CVE-2024-3516 [MEDIUM] CVE-2024-3516: chromium - Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a... Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 123.0.6312.122-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.122-1) sid: resolved (fixed in 123.0.6312.122-1) tr

CVE-2024-13178 [MEDIUM] CVE-2024-13178: chromium - Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.... Inappropriate implementation in Fullscreen in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.84-1) sid: resolved (fixed in 128.0.6613.84-1) trixi

CVE-2024-3844 [MEDIUM] CVE-2024-3844: chromium - Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.... Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) Scope: local bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.60-1) sid: resolved (fixed in 124.0.6367.60-1) tri

CVE-2024-5500 [MEDIUM] CVE-2024-5500: chromium - Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 all... Inappropriate implementation in Sign-In in Google Chrome prior to 1.3.36.351 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1) bullseye: open forky: resolved (fixed in 122.0.6261.57-1) sid: resolved (fixed in 122.0.6261.57-1) tr

CVE-2024-3838 [MEDIUM] CVE-2024-3838: chromium - Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60... Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.60-1) sid: resolved

CVE-2024-2626 [MEDIUM] CVE-2024-2626: chromium - Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowe... Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.58-1) sid: resolved (fixed in 123.0.6312.58-1)

CVE-2024-7001 [MEDIUM] CVE-2024-7001: chromium - Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 all... Inappropriate implementation in HTML in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.88-1)

CVE-2024-7975 [MEDIUM] CVE-2024-7975: chromium - Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613... Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1) bullseye: open forky: resolved (fixed in 128.0.6613.84-1) sid: resolved (fixed in 128.0.6613.84-1) trixie

CVE-2024-2631 [MEDIUM] CVE-2024-2631: chromium - Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allo... Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Scope: local bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1) bullseye: open forky: resolved (fixed in 123.0.6312.58-1) sid: resolved (fixed in 123.0.6312.58-1) trixie: resolved

CVE-2024-6777 [MEDIUM] CVE-2024-6777: chromium - Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an... Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 126.0.6478.182-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.64

CVE-2024-6999 [MEDIUM] CVE-2024-6999: chromium - Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 al... Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1) bullseye: open forky: resolved (fixed in 127.0.6533.88-1

CVE-2024-0809 [MEDIUM] CVE-2024-0809: chromium - Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85... Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) Scope: local bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1) bullseye: open forky: resolved (fixed in 121.0.6167.85-1) sid: resolved (fixed in 121.0.6167.85-1) tri

CVE-2024-3839 [MEDIUM] CVE-2024-3839: chromium - Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a re... Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1) bullseye: open forky: resolved (fixed in 124.0.6367.60-1) sid: resolved (fixed i

CVE-2024-5839 [MEDIUM] CVE-2024-5839: chromium - Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0... Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1) bullseye: open forky: resolved (fixed in 126.0.6478.56-1) sid: resolved (fixed in 12