Debian Chromium vulnerabilities
2,176 known vulnerabilities affecting debian/chromium.
Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8
Vulnerabilities
Page 34 of 109
CVE-2023-3421 | HIGH | CVSS 8.8 | fixed in chromium 114.0.5735.198-1~deb12u1 (bookworm) | 2023
Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.198-1~deb12u1)
bullseye: resolved (fixed in 114.0.5735.198-1~deb11u1)
forky: resolved (fixed in 114.0.5735.198-1)
sid: resolve

CVE-2023-0699 | HIGH | CVSS 8.8 | fixed in chromium 110.0.5481.77-1 (bookworm) | 2023
Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 110.0.5481.77-1)
bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1)
forky: resolved (fixed in 110.0.5481.77-1)
sid

CVE-2023-0698 | HIGH | CVSS 8.8 | fixed in chromium 110.0.5481.77-1 (bookworm) | 2023
Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 110.0.5481.77-1)
bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1)
forky: resolved (fixed in 110.0.5481.77-1)
sid: resolved (fix

CVE-2023-2137 | HIGH | CVSS 8.8 | fixed in chromium 112.0.5615.138-1 (bookworm) | 2023
Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 112.0.5615.138-1)
bullseye: resolved (fixed in 112.0.5615.138-1~deb11u1)
forky: resolved (fixed in 112.0.5615.138-1)
sid: resolv

CVE-2023-3598 | HIGH | CVSS 8.8 | fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm) | 2023
Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1)
bullseye: resolved (fixed in 114.0.5735.90-2~deb11u1)
forky: resolved (fixed in 114.0.5735.90-1)
si

CVE-2023-5852 | HIGH | CVSS 8.8 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb1

CVE-2023-4351 | HIGH | CVSS 8.8 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky: resolved (fixe

CVE-2023-0134 | HIGH | CVSS 8.8 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2~deb

CVE-2023-0474 | HIGH | CVSS 8.8 | fixed in chromium 109.0.5414.119-1 (bookworm) | 2023
Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web app. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.119-1)
bullseye: resolved (fixed in 109.0.5414.119-1~deb11u1)
forky: resolv

CVE-2023-2312 | HIGH | CVSS 8.8 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky

CVE-2023-1220 | HIGH | CVSS 8.8 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed

CVE-2023-5217 | HIGH | CVSS 8.8 | KEV | fixed in chromium 117.0.5938.132-1~deb12u1 (bookworm) | 2023
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 117.0.5938.132-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.132-1~deb11u1)
forky: resolved

CVE-2023-4429 | HIGH | CVSS 8.8 | fixed in chromium 116.0.5845.110-1~deb12u1 (bookworm) | 2023
Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.110-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.110-1~deb11u1)
forky: resolved (fixed in 116.0.5845.110-1)
sid: resolv

CVE-2023-0932 | HIGH | CVSS 8.8 | fixed in chromium 110.0.5481.177-1 (bookworm) | 2023
Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 110.0.5481.177-1)
bullseye: resolved (fixed in 110.0.5481.177-1~

CVE-2023-0137 | HIGH | CVSS 8.8 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2

CVE-2023-4071 | HIGH | CVSS 8.8 | fixed in chromium 115.0.5790.170-1~deb12u1 (bookworm) | 2023
Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 115.0.5790.170-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.170-1~deb11u1)
forky: resolved (fixed in 115.0.5790.170-1)
sid:

CVE-2023-3420 | HIGH | CVSS 8.8 | fixed in chromium 114.0.5735.198-1~deb12u1 (bookworm) | 2023
Type Confusion in V8 in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.198-1~deb12u1)
bullseye: resolved (fixed in 114.0.5735.198-1~deb11u1)
forky: resolved (fixed in 114.0.5735.198-1)
sid: resolved (

CVE-2023-0941 | HIGH | CVSS 8.8 | fixed in chromium 110.0.5481.177-1 (bookworm) | 2023
Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local
bookworm: resolved (fixed in 110.0.5481.177-1)
bullseye: resolved (fixed in 110.0.5481.177-1~deb11u1)
forky: resolved (fixed in 110.0.5481.177-1)
sid: resolved

CVE-2023-5849 | HIGH | CVSS 8.8 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1)
forky: resolved (fixed in 119.0.6045.105-1)
sid: resolve

CVE-2023-5857 | HIGH | CVSS 8.8 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1)
forky: resolved (fixed in 119.0.6045.105