Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 31 of 109
CVE-2024-1671 | MEDIUM | CVSS 6.5 | fixed in chromium 122.0.6261.57-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1); bullseye: open; forky: resolved (fixed in 122.0.6261.57-1); sid: resolved (fixed in 122.0.626
debian
CVE-2024-3843 | MEDIUM | CVSS 4.3 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1); bullseye: open; forky: resolved (fixed in 124.0.6367.60-1); sid: resolved (fixed in 124.0.6367.60-1); trixie:
debian
CVE-2024-5840 | MEDIUM | CVSS 6.5 | fixed in chromium 126.0.6478.56-1~deb12u1 (bookworm) | 2024
Policy bypass in CORS in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 126.0.6478.56-1~deb12u1); bullseye: open; forky: resolved (fixed in 126.0.6478.56-1); sid: resolved (fixed in 126.0.6478.56-1); trixie: reso
debian
CVE-2024-8033 | MEDIUM | CVSS 4.3 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local. bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1); bullseye: open; forky: resolved (fixed in 12
debian
CVE-2024-0811 | MEDIUM | CVSS 4.3 | fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local. bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1); bullseye: open; forky: resolved (fixed in 121.0.
debian
CVE-2024-0810 | MEDIUM | CVSS 4.3 | fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm) | 2024
Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1); bullseye: open; forky: resolved (fixed in 121.0.
debian
CVE-2024-3846 | MEDIUM | CVSS 4.3 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local. bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1); bullseye: open; forky: resolved (fixed in 124.0.6367.60-1)
debian
CVE-2024-3515 | MEDIUM | CVSS 6.5 | fixed in chromium 123.0.6312.122-1~deb12u1 (bookworm) | 2024
Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 123.0.6312.122-1~deb12u1); bullseye: open; forky: resolved (fixed in 123.0.6312.122-1); sid: resolved (fixed in 123.0.6312.122-1); trixie: r
debian
CVE-2024-8909 | MEDIUM | CVSS 4.3 | fixed in chromium 129.0.6668.58-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local. bookworm: resolved (fixed in 129.0.6668.58-1~deb12u1); bullseye: open; forky: resolved (fixed in 129.0.6668.58-1); sid: resolved (fixed in 129.0.6668.58-1); trixie: res
debian
CVE-2024-4948 | MEDIUM | CVSS 6.5 | fixed in chromium 125.0.6422.60-1~deb12u1 (bookworm) | 2024
Use after free in Dawn in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 125.0.6422.60-1~deb12u1); bullseye: open; forky: resolved (fixed in 125.0.6422.60-1); sid: resolved (fixed in 125.0.6422.60-1); trixie: resol
debian
CVE-2024-4949 | MEDIUM | CVSS 6.5 | fixed in chromium 125.0.6422.60-1~deb12u1 (bookworm) | 2024
Use after free in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 125.0.6422.60-1~deb12u1); bullseye: open; forky: resolved (fixed in 125.0.6422.60-1); sid: resolved (fixed in 125.0.6422.60-1); trixie: resol
debian
CVE-2024-4059 | MEDIUM | CVSS 6.5 | fixed in chromium 124.0.6367.78-1~deb12u1 (bookworm) | 2024
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 124.0.6367.78-1~deb12u1); bullseye: open; forky: resolved (fixed in 124.0.6367.78-1); sid: resolved (fixed in 124.0.6367.78-1); trixie: resolved (fixe
debian
CVE-2024-9964 | MEDIUM | CVSS 4.3 | fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Payments in Google Chrome prior to 130.0.6723.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Scope: local. bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1); bullseye: open; forky: resolved (fixed in 130.0.67
debian
CVE-2024-3841 | MEDIUM | CVSS 6.1 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1); bullseye: open; forky: resolved (fixed in 124.0.6367.60-1); sid: resolved (fixe
debian
CVE-2024-1672 | MEDIUM | CVSS 5.4 | fixed in chromium 122.0.6261.57-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 122.0.6261.57-1~deb12u1); bullseye: open; forky: resolved (fixed in 122.0.6261.57-1); sid: resolved (fixed in
debian
CVE-2024-8908 | MEDIUM | CVSS 4.3 | fixed in chromium 129.0.6668.58-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local. bookworm: resolved (fixed in 129.0.6668.58-1~deb12u1); bullseye: open; forky: resolved (fixed in 129.0.6668.58-1); sid: resolved (fixed in 129.0.6668.58-1); trixie: reso
debian
CVE-2024-2884 | MEDIUM | CVSS 6.5 | fixed in chromium 121.0.6167.139-1~deb12u1 (bookworm) | 2024
Out of bounds read in V8 in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 121.0.6167.139-1~deb12u1); bullseye: open; forky: resolved (fixed in 121.0.6167.139-1); sid: resolved (fixed in 121.0.6167.
debian
CVE-2024-11117 | MEDIUM | CVSS 4.3 | fixed in chromium 131.0.6778.85-1~deb12u1 (bookworm) | 2024
Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)
Scope: local. bookworm: resolved (fixed in 131.0.6778.85-1~deb12u1); bullseye: open; forky: resolved (fixed in 131.0.6778.85-1); sid: resolved (fixed in 131.0.6778.85-
debian
CVE-2024-3914 | MEDIUM | CVSS 6.5 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1); bullseye: open; forky: resolved (fixed in 124.0.6367.60-1); sid: resolved (fixed in 124.0.6367.60-1); trixie: resolve
debian
CVE-2024-3847 | MEDIUM | CVSS 6.1 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Scope: local. bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1); bullseye: open; forky: resolved (fixed in 124.0.6367.60-1); sid: resolved (fixed in 124.0.6367.60-1); t
debian