Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8
Vulnerabilities
CVE-2024-2630 | MEDIUM | CVSS 6.5 | fixed in chromium 123.0.6312.86-1~deb12u1 (bookworm) | 2024
CVE-2024-2630 [MEDIUM] CVE-2024-2630: chromium - Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allo...
Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 123.0.6312.86-1~deb12u1)
bullseye: open
forky: resolved (fixed in 123.0.6312.58-1)
sid: resolved (fixed in 123.0.6312.58-1)
trixie: res

CVE-2024-0814 | MEDIUM | CVSS 6.5 | fixed in chromium 121.0.6167.85-1~deb12u1 (bookworm) | 2024
CVE-2024-0814 [MEDIUM] CVE-2024-0814: chromium - Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowe...
Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 121.0.6167.85-1~deb12u1)
bullseye: open
forky: resolved (fixed in 121.0.6167.85-1)
sid: resolved (fixed in 121.0.6167.85-1)
trixie

CVE-2024-9966 | MEDIUM | CVSS 5.3 | fixed in chromium 130.0.6723.58-1~deb12u1 (bookworm) | 2024
CVE-2024-9966 [MEDIUM] CVE-2024-9966: chromium - Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723...
Inappropriate implementation in Navigations in Google Chrome prior to 130.0.6723.58 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 130.0.6723.58-1~deb12u1)
bullseye: open
forky: resolved (fixed in 130.0.6723.58-1)
sid: resolved (fixed in 130.0.6723.58-1

CVE-2024-7019 | MEDIUM | CVSS 4.3 | fixed in chromium 124.0.6367.60-1~deb12u1 (bookworm) | 2024
CVE-2024-7019 [MEDIUM] CVE-2024-7019: chromium - Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allow...
Inappropriate implementation in UI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 124.0.6367.60-1~deb12u1)
bullseye: open
forky: resolved (fixed in 124.0.6367.60-1)
s

CVE-2024-7978 | MEDIUM | CVSS 4.3 | fixed in chromium 128.0.6613.84-1~deb12u1 (bookworm) | 2024
CVE-2024-7978 [MEDIUM] CVE-2024-7978: chromium - Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0...
Insufficient policy enforcement in Data Transfer in Google Chrome prior to 128.0.6613.84 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 128.0.6613.84-1~deb12u1)
bullseye: open
forky: resolved (fixed in 1

CVE-2024-13983 | LOW | CVSS 6.3 | 2024
CVE-2024-13983 [MEDIUM] CVE-2024-13983: chromium - Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103...
Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a remote attacker to perform UI spoofing via a crafted QR code. (Chromium security severity: Low)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2024-11920 | LOW | CVSS 4.3 | 2024
CVE-2024-11920 [MEDIUM] CVE-2024-11920: chromium - Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723...
Inappropriate implementation in Dawn in Google Chrome on Mac prior to 130.0.6723.92 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2024-11919 | LOW | CVSS 4.3 | 2024
CVE-2024-11919 [MEDIUM] CVE-2024-11919: chromium - Inappropriate implementation in Intents in Google Chrome on Android prior to 129...
Inappropriate implementation in Intents in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2024-7021 | LOW | CVSS 4.3 | 2024
CVE-2024-7021 [MEDIUM] CVE-2024-7021: chromium - Inappropriate implementation in Autofill in Google Chrome on Windows prior to 12...
Inappropriate implementation in Autofill in Google Chrome on Windows prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2024-7023 | LOW | CVSS 8.8 | 2024
CVE-2024-7023 [HIGH] CVE-2024-7023: chromium - Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 a...
Insufficient data validation in Updater in Google Chrome prior to 128.0.6537.0 allowed a remote attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2024-9126 | LOW | CVSS 7.5 | 2024
CVE-2024-9126 [HIGH] CVE-2024-9126: chromium - Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allow...
Use after free in Internals in Google Chrome on iOS prior to 127.0.6533.88 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a series of curated UI gestures. (Chromium security severity: Medium)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2024-6996 | LOW | CVSS 3.1 | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
CVE-2024-6996 [LOW] CVE-2024-6996: chromium - Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker...
Race in Frames in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1)
bullseye: open
forky: resolved (fixed in 127.0.6533.88-1)
sid: resolved (fixed in

CVE-2024-1694 | LOW | CVSS 7.8 | 2024
CVE-2024-1694 [HIGH] CVE-2024-1694: chromium - Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chr...
Inappropriate implementation in Google Updator prior to 1.3.36.351 in Google Chrome allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: High)
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2024-6992 | UNKNOWN | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
CVE-2024-6992 CVE-2024-6992: chromium
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1)
bullseye: open
forky: resolved (fixed in 127.0.6533.88-1)
sid: resolved (fixed in 127.0.6533.88-1)
trixie: resolved (fixed in 127.0.6533.88-1)

CVE-2024-9370 | UNKNOWN | fixed in chromium 129.0.6668.89-1~deb12u1 (bookworm) | 2024
CVE-2024-9370 CVE-2024-9370: chromium
bookworm: resolved (fixed in 129.0.6668.89-1~deb12u1)
bullseye: open
forky: resolved (fixed in 129.0.6668.89-1)
sid: resolved (fixed in 129.0.6668.89-1)
trixie: resolved (fixed in 129.0.6668.89-1)

CVE-2024-6993 | UNKNOWN | fixed in chromium 127.0.6533.88-1~deb12u1 (bookworm) | 2024
CVE-2024-6993 CVE-2024-6993: chromium
bookworm: resolved (fixed in 127.0.6533.88-1~deb12u1)
bullseye: open
forky: resolved (fixed in 127.0.6533.88-1)
sid: resolved (fixed in 127.0.6533.88-1)
trixie: resolved (fixed in 127.0.6533.88-1)

CVE-2023-7012 | CRITICAL | CVSS 9.6 | fixed in chromium 117.0.5938.62-1~deb12u1 (bookworm) | 2023
CVE-2023-7012 [CRITICAL] CVE-2023-7012: chromium - Insufficient data validation in Permission Prompts in Google Chrome prior to 117...
Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 117.0.5938.62-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.

CVE-2023-2136 | CRITICAL | CVSS 9.6 | KEV | fixed in chromium 112.0.5615.138-1 (bookworm) | 2023
CVE-2023-2136 [CRITICAL] CVE-2023-2136: chromium - Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remo...
Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 112.0.5615.138-1)
bullseye: resolved (fixed in 112.0.5615.138-1~deb11u1)
forky: resolved (

CVE-2023-4860 | CRITICAL | CVSS 9.6 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
CVE-2023-4860 [CRITICAL] CVE-2023-4860: chromium - Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 all...
Inappropriate implementation in Skia in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1)

CVE-2023-6345 | CRITICAL | CVSS 9.6 | KEV | fixed in chromium 119.0.6045.199-1~deb12u1 (bookworm) | 2023
CVE-2023-6345 [CRITICAL] CVE-2023-6345: chromium - Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remo...
Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 119.0.6045.199-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.199-1~deb11u1)
forky: resol