Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102 | HIGH: 1256 | MEDIUM: 754 | LOW: 56 | UNKNOWN: 8
Vulnerabilities
Page 30 of 109
CVE-2024-0805 | MEDIUM | CVSS 4.3 | fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 121.0.6167.85-1)
sid: resolved (fixed in 121.0.6167.85-1)
tr
debian
CVE-2024-7004 | MEDIUM | CVSS 4.3 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1)
bullseye: open
forky: re
debian
CVE-2024-3845 | MEDIUM | CVSS 4.3 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1)
bullseye: open
forky: resolved (fixed in 124.0.6367.60-1)
sid: resolved (fixed in 124.0.6367.60-1)
trix
debian
CVE-2024-2629 | MEDIUM | CVSS 4.3 | fixed in chromium 123.0.6312.86-1~deb12u1 (bookworm) | 2024
Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1)
bullseye: open
forky: resolved (fixed in 123.0.6312.58-1)
sid: resolved (fixed in 123.0.6312.58-1)
trixie: resolved (fix
debian
CVE-2024-9958 | MEDIUM | CVSS 4.3 | fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in PictureInPicture in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130.0.6723.58-1)
sid: resolved (fixed in 130.0.6723.58-1)
t
debian
CVE-2024-5843 | MEDIUM | CVSS 6.5 | fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1)
bullseye: open
forky: resolved (fixed in 126.0.6478.56-1)
sid: resolved (fixed in 126.0.6478.56-1)
trixie: r
debian
CVE-2024-11111 | MEDIUM | CVSS 4.3 | fixed in chromium 131.0.6778.85-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 131.0.6778
debian
CVE-2024-4559 | MEDIUM | CVSS 6.5 | fixed in chromium 124.0.6367.155-1~deb12u1 (bookworm) | 2024
Heap buffer overflow in WebAudio in Google Chrome prior to 124.0.6367.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 124.0.6367.155-1~deb12u1)
bullseye: open
forky: resolved (fixed in 124.0.6367.155-1)
sid: resolved (fixed in 124.0.6367.155-1)
debian
CVE-2024-8035 | MEDIUM | CVSS 4.3 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.84-1)
sid: resolved (fixed in 128.0.6613.84-1)
debian
CVE-2024-9962 | MEDIUM | CVSS 4.3 | fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Permissions in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130.0.672
debian
CVE-2024-7005 | MEDIUM | CVSS 4.3 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a malicious file. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1)
bullseye: open
forky: re
debian
CVE-2024-7981 | MEDIUM | CVSS 4.3 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1)
bullseye: open
forky: resolved (fixed in 128.0.6613.84-1)
sid: resolved (fixed in 128.0.6613.84-1)
trixie: resolve
debian
CVE-2024-9963 | MEDIUM | CVSS 4.3 | fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm) | 2024
Insufficient data validation in Downloads in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130.0.6723.
debian
CVE-2024-1676 | MEDIUM | CVSS 5.4 | fixed in chromium 122.0.6261.57-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1)
bullseye: open
forky: resolved (fixed in 122.0.6261.57-1)
sid: resolved (fixed in 122.0.6261.57-1)
trixie: reso
debian
CVE-2024-0333 | MEDIUM | CVSS 5.3 | fixed in chromium 120.0.6099.216-1~deb12u1 (bookworm) | 2024
Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 120.0.6099.216-1~deb12u1)
bullseye: resolved (fixed in 120.0.6099.216-1~deb11u1)
forky: resolve
debian
CVE-2024-7020 | MEDIUM | CVSS 4.3 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1)
bullseye: open
forky: resolved (fixed in 124.0.6367.60-1)
sid: resolved (fixed in 124.0.6367.60-1)
trixie: reso
debian
CVE-2024-11110 | MEDIUM | CVSS 6.5 | fixed in chromium 131.0.6778.85-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 131.0.6778.85-1)
sid: resolved (fixed in 131.0.6778.85-1
debian
CVE-2024-7022 | MEDIUM | CVSS 4.3 | fixed in chromium 123.0.6312.86-1~deb12u1 (bookworm) | 2024
Uninitialized Use in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1)
bullseye: open
forky: resolved (fixed in 123.0.6312.58-1)
sid: resolved (fixed in 123.0.6312.58-1)
trixie: re
debian
CVE-2024-7003 | MEDIUM | CVSS 4.3 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in FedCM in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1)
bullseye: open
forky: resolved (fixed in 127.0.6533.88-1)
s
debian
CVE-2024-6995 | MEDIUM | CVSS 4.7 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1)
bullseye: open
f
debian