Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs

2,176

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL102HIGH1256MEDIUM754LOW56UNKNOWN8

Vulnerabilities

Page 3 of 109

CVE-2026-5275HIGHCVSS 8.8fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm)2026

CVE-2026-5275 [HIGH] CVE-2026-5275: chromium - Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 al... Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.177-1) sid: resolved (fixed in 146.0.7680.177-1) trixie: re

debian

CVE-2026-5872HIGHCVSS 8.8fixed in chromium 147.0.7727.55-1 (sid)2026

CVE-2026-5872 [HIGH] CVE-2026-5872: chromium - Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote... Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 147.0.7727.55-1) trixie: open

debian

CVE-2026-3917HIGHCVSS 8.8fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm)2026

CVE-2026-3917 [HIGH] CVE-2026-3917: chromium - Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remot... Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.71-1) sid: resolved (fixed in 146.0.7680.71-1) trixie: resol

debian

CVE-2026-3910HIGHCVSS 8.8KEVfixed in chromium 146.0.7680.80-1~deb12u1 (bookworm)2026

CVE-2026-3910 [HIGH] CVE-2026-3910: chromium - Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allow... Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.80-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.80-1) sid: resolved (fixed in 146.0.7680.80-1)

debian

CVE-2026-2315HIGHCVSS 8.8fixed in chromium 145.0.7632.75-1~deb12u1 (bookworm)2026

CVE-2026-2315 [HIGH] CVE-2026-2315: chromium - Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 a... Inappropriate implementation in WebGPU in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1) bullseye: open forky: resolved (fixed in 145.0.7632.45-1) sid: resolved (fixed in 145.

debian

CVE-2026-5884HIGHCVSS 8.8fixed in chromium 147.0.7727.55-1 (sid)2026

CVE-2026-5884 [HIGH] CVE-2026-5884: chromium - Insufficient validation of untrusted input in Media in Google Chrome prior to 14... Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 147.0.7727.55-1) trixie: o

debian

CVE-2026-4464HIGHCVSS 8.8fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm)2026

CVE-2026-4464 [HIGH] CVE-2026-4464: chromium - Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a rem... Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.153-1) sid: resolved (fixed in 146.0.7680.153-1) trixie

debian

CVE-2026-2650HIGHCVSS 8.8fixed in chromium 145.0.7632.109-1~deb12u3 (bookworm)2026

CVE-2026-2650 [HIGH] CVE-2026-2650: chromium - Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a... Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 145.0.7632.109-1~deb12u3) bullseye: open forky: resolved (fixed in 145.0.7632.109-1) sid: resolved (fixed in 145.0.7632.109-1) tr

debian

CVE-2026-5861HIGHCVSS 8.8fixed in chromium 147.0.7727.55-1 (sid)2026

CVE-2026-5861 [HIGH] CVE-2026-5861: chromium - Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote at... Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 147.0.7727.55-1) trixie: open

debian

CVE-2026-3919HIGHCVSS 8.8fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm)2026

CVE-2026-3919 [HIGH] CVE-2026-3919: chromium - Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an ... Use after free in Extensions in Google Chrome prior to 146.0.7680.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.71-1) si

debian

CVE-2026-5873HIGHCVSS 8.8fixed in chromium 147.0.7727.55-1 (sid)2026

CVE-2026-5873 [HIGH] CVE-2026-5873: chromium - Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allow... Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: open bullseye: open forky: open sid: resolved (fixed in 147.0.7727.55-1) trixie: open

debian

CVE-2026-3914HIGHCVSS 8.8fixed in chromium 146.0.7680.71-1~deb12u1 (bookworm)2026

CVE-2026-3914 [HIGH] CVE-2026-3914: chromium - Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remo... Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.71-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.71-1) sid: resolved (fixed in 146.0.7680.71-1) trixie: reso

debian

CVE-2026-4677HIGHCVSS 8.8fixed in chromium 146.0.7680.164-1~deb12u1 (bookworm)2026

CVE-2026-4677 [HIGH] CVE-2026-4677: chromium - Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.16... Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.164-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.164-1) sid: resolved (fixed in 146.0.7680

debian

CVE-2026-2314HIGHCVSS 8.8fixed in chromium 145.0.7632.75-1~deb12u1 (bookworm)2026

CVE-2026-2314 [HIGH] CVE-2026-2314: chromium - Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a... Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 145.0.7632.75-1~deb12u1) bullseye: open forky: resolved (fixed in 145.0.7632.45-1) sid: resolved (fixed in 145.0.7632.45-1) trixie:

debian

CVE-2026-4446HIGHCVSS 8.8fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm)2026

CVE-2026-4446 [HIGH] CVE-2026-4446: chromium - Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remo... Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.153-1) sid: resolved (fixed in 146.0.7680.153-1) trixie: r

debian

CVE-2026-5285HIGHCVSS 8.8fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm)2026

CVE-2026-5285 [HIGH] CVE-2026-5285: chromium - Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remot... Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.177-1) sid: resolved (fixed in 146.0.7680.177-1) trixie

debian

CVE-2026-4447HIGHCVSS 8.8fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm)2026

CVE-2026-4447 [HIGH] CVE-2026-4447: chromium - Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allo... Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.153-1) sid: resolved (fixed in 146.0.7680.15

debian

CVE-2026-5272HIGHCVSS 8.8fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm)2026

CVE-2026-5272 [HIGH] CVE-2026-5272: chromium - Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a r... Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.177-1) sid: resolved (fixed in 146.0.7680.177-1) trixie: resolved (f

debian

CVE-2026-4449HIGHCVSS 8.8fixed in chromium 146.0.7680.153-1~deb12u1 (bookworm)2026

CVE-2026-4449 [HIGH] CVE-2026-4449: chromium - Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remot... Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.153-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.153-1) sid: resolved (fixed in 146.0.7680.153-1) trixie: re

debian

CVE-2026-5274HIGHCVSS 8.8fixed in chromium 146.0.7680.177-1~deb12u1 (bookworm)2026

CVE-2026-5274 [HIGH] CVE-2026-5274: chromium - Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a re... Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 146.0.7680.177-1~deb12u1) bullseye: open forky: resolved (fixed in 146.0.7680.177-1) sid: resolved (fixed in 146.0.7680.177-1) trixie: resolv

debian

← Previous3 / 109Next →