Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 35 of 109
CVE-2023-4078 | HIGH | CVSS 8.8 | fixed in chromium 115.0.5790.170-1~deb12u1 (bookworm) | 2023 | debian
Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 115.0.5790.170-1~deb12u1)
bullseye: resolved (fixed

CVE-2023-6702 | HIGH | CVSS 8.8 | fixed in chromium 120.0.6099.109-1~deb12u1 (bookworm) | 2023 | debian
Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 120.0.6099.109-1~deb12u1)
bullseye: resolved (fixed in 120.0.6099.109-1~deb11u1)
forky: resolved (fixed in 120.0.6099.109-1)
sid: resolved (

CVE-2023-3730 | HIGH | CVSS 8.8 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023 | debian
Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.98-1~deb1

CVE-2023-2033 | HIGH | CVSS 8.8 | KEV | fixed in chromium 112.0.5615.121-1 (bookworm) | 2023 | debian
Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 112.0.5615.121-1)
bullseye: resolved (fixed in 112.0.5615.121-1~deb11u1)
forky: resolved (fixed in 112.0.5615.121-1)
sid: resolved (fixed in

CVE-2023-0138 | HIGH | CVSS 8.8 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023 | debian
Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)
Scope: local
bookworm: resolved (fixed in 109.0.5414.74-1)
bullseye: resolved (fixed in 109.0.5414.74-2~deb11u1)
forky: resolved (fixed in 109.0.5414.74-1)
sid: resol

CVE-2023-4070 | HIGH | CVSS 8.1 | fixed in chromium 115.0.5790.170-1~deb12u1 (bookworm) | 2023 | debian
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 115.0.5790.170-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.170-1~deb11u1)
forky: resolved (fixed in 115.0.5790.170-1)
sid: resolved (fixed i

CVE-2023-2313 | HIGH | CVSS 8.8 | fixed in chromium 112.0.5615.49-1 (bookworm) | 2023 | debian
Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 112.0.5615.49-1)
bullseye: resolved (fixed in 112.0.5615.49-2~deb11u2)
forky: re

CVE-2023-1213 | HIGH | CVSS 8.8 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023 | debian
Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (fixed in 111.0.5563.64-1)
sid: resolved (fix

CVE-2023-4355 | HIGH | CVSS 8.8 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023 | debian
Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
forky: resolved (fixed in 116.0.5845.96-1)
sid: r

CVE-2023-0473 | HIGH | CVSS 8.8 | fixed in chromium 109.0.5414.119-1 (bookworm) | 2023 | debian
Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 109.0.5414.119-1)
bullseye: resolved (fixed in 109.0.5414.119-1~deb11u1)
forky: resolved (fixed in 109.0.5414.119-1)
sid: r

CVE-2023-4077 | HIGH | CVSS 8.8 | fixed in chromium 115.0.5790.170-1~deb12u1 (bookworm) | 2023 | debian
Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 115.0.5790.170-1~deb12u1)
bullseye: resolved (fixed

CVE-2023-2931 | HIGH | CVSS 8.8 | fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm) | 2023 | debian
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1)
bullseye: resolved (fixed in 114.0.5735.90-2~deb11u1)
forky: resolved (fixed in 114.0.5735.90-1)
sid: resolved (fixe

CVE-2023-4761 | HIGH | CVSS 8.1 | fixed in chromium 116.0.5845.180-1~deb12u1 (bookworm) | 2023 | debian
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.180-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.180-1~deb11u1)
f

CVE-2023-1219 | HIGH | CVSS 8.8 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023 | debian
Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 111.0.5563.64-1)
bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1)
forky: resolved (f

CVE-2023-4366 | HIGH | CVSS 8.8 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023 | debian
Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1)
fork

CVE-2023-4572 | HIGH | CVSS 8.8 | fixed in chromium 116.0.5845.140-1~deb12u1 (bookworm) | 2023 | debian
Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 116.0.5845.140-1~deb12u1)
bullseye: resolved (fixed in 116.0.5845.140-1~deb11u1)
forky: resolved (fixed in 116.0.5845.140-1)
sid: r

CVE-2023-5854 | HIGH | CVSS 8.8 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023 | debian
Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)
Scope: local
bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1)
bullseye: resolved (fixed in 119.0.6045.105-1~deb1

CVE-2023-5187 | HIGH | CVSS 8.8 | fixed in chromium 117.0.5938.132-1~deb12u1 (bookworm) | 2023 | debian
Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 117.0.5938.132-1~deb12u1)
bullseye: resolved (fixed in 117.0.5938.132-1~deb11u1)
for

CVE-2023-0927 | HIGH | CVSS 8.8 | fixed in chromium 110.0.5481.177-1 (bookworm) | 2023 | debian
Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 110.0.5481.177-1)
bullseye: resolved (fixed in 110.0.5481.177-1~deb11u1)
f

CVE-2023-3732 | HIGH | CVSS 8.8 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023 | debian
Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local
bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1)
bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1)
forky: