Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56

Severity breakdown
CRITICAL: 102, HIGH: 1256, MEDIUM: 754, LOW: 56, UNKNOWN: 8

Vulnerabilities

CVE-2023-1529 [CRITICAL] CVSS 9.8, fixed in chromium 111.0.5563.110-1 (bookworm), 2023
Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.110-1); bullseye: resolved (fixed in 111.0.5563.110-1~deb11u1); forky: resolved (fixed in 111.0.5563.110-1)
debian
CVE-2023-1532 [HIGH] CVSS 8.8, fixed in chromium 111.0.5563.110-1 (bookworm), 2023
Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.110-1); bullseye: resolved (fixed in 111.0.5563.110-1~deb11u1); forky: resolved (fixed in 111.0.5563.110-1); sid: resolve
debian
CVE-2023-2135 [HIGH] CVSS 7.5, fixed in chromium 112.0.5615.138-1 (bookworm), 2023
Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 112.0.5615.138-1); bullseye: resolved (fixed in 112.0.5615.138-1~deb11u1); forky:
debian
CVE-2023-4349 [HIGH] CVSS 8.8, fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm), 2023
Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1); forky: resolved (fixed in 116.0.5845.96-1
debian
CVE-2023-0472 [HIGH] CVSS 8.8, fixed in chromium 109.0.5414.119-1 (bookworm), 2023
Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 109.0.5414.119-1); bullseye: resolved (fixed in 109.0.5414.119-1~deb11u1); forky: resolved (fixed in 109.0.5414.119-1); sid: resolved (fixe
debian
CVE-2023-0705 [HIGH] CVSS 7.5, fixed in chromium 110.0.5481.77-1 (bookworm), 2023
Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 110.0.5481.77-1); bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1); forky: resolved (fixed in 110.0.5481.7
debian
CVE-2023-0136 [HIGH] CVSS 8.8, fixed in chromium 109.0.5414.74-1 (bookworm), 2023
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1); bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1); forky: resolved (fixed in 109.0.54
debian
CVE-2023-4362 [HIGH] CVSS 8.8, fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm), 2023
Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1); bullseye: resolved (fi
debian
CVE-2023-7024 [HIGH] CVSS 8.8, KEV, fixed in chromium 120.0.6099.129-1~deb12u1 (bookworm), 2023
Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 120.0.6099.129-1~deb12u1); bullseye: resolved (fixed in 120.0.6099.129-1~deb11u1); forky: resolved (fixed in 120.0.6099.129-1); sid:
debian
CVE-2023-4368 [HIGH] CVSS 8.8, fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm), 2023
Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.96-1~
debian
CVE-2023-1533 [HIGH] CVSS 8.8, fixed in chromium 111.0.5563.110-1 (bookworm), 2023
Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.110-1); bullseye: resolved (fixed in 111.0.5563.110-1~deb11u1); forky: resolved (fixed in 111.0.5563.110-1); sid: resolved (
debian
CVE-2023-5476 [HIGH] CVSS 8.8, fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm), 2023
Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1); bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1); forky: resolved (fixed in 118.0.5993.70-1); sid: r
debian
CVE-2023-2725 [HIGH] CVSS 8.8, fixed in chromium 113.0.5672.126-1 (bookworm), 2023
Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 113.0.5672.126-1); bullseye: resolved (fixed in 113.0.5672.126-1~deb11u1); forky: reso
debian
CVE-2023-5186 [HIGH] CVSS 8.8, fixed in chromium 117.0.5938.132-1~deb12u1 (bookworm), 2023
Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 117.0.5938.132-1~deb12u1); bullseye: resolved (fixed in 117.0.5938.132-1~
debian
CVE-2023-4075 [HIGH] CVSS 8.8, fixed in chromium 115.0.5790.170-1~deb12u1 (bookworm), 2023
Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 115.0.5790.170-1~deb12u1); bullseye: resolved (fixed in 115.0.5790.170-1~deb11u1); forky: resolved (fixed in 115.0.5790.170-1); sid: resolved
debian
CVE-2023-2133 [HIGH] CVSS 8.8, fixed in chromium 112.0.5615.138-1 (bookworm), 2023
Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 112.0.5615.138-1); bullseye: resolved (fixed in 112.0.5615.138-1~deb11u1); forky: resolved (fixed in 112.0.5615.1
debian
CVE-2023-4427 [HIGH] CVSS 8.1, fixed in chromium 116.0.5845.110-1~deb12u1 (bookworm), 2023
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.110-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.110-1~deb11u1); forky: resolved (fixed in 116.0.5845.110-1); s
debian
CVE-2023-1218 [HIGH] CVSS 8.8, fixed in chromium 111.0.5563.64-1 (bookworm), 2023
Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1); bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1); forky: resolved (fixed in 111.0.5563.64-1); sid: resolved (fixed in
debian
CVE-2023-0703 [HIGH] CVSS 8.8, fixed in chromium 110.0.5481.77-1 (bookworm), 2023
Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 110.0.5481.77-1); bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1); forky:
debian
CVE-2023-0128 [HIGH] CVSS 8.8, fixed in chromium 109.0.5414.74-1 (bookworm), 2023
Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1); bullseye: resolved (fixed in 109.0.5414.7
debian