Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs

2,176

CISA KEV

actively exploited

Public exploits

Exploited in wild

Severity breakdown

CRITICAL102HIGH1256MEDIUM754LOW56UNKNOWN8

Vulnerabilities

Page 37 of 109

CVE-2023-3728HIGHCVSS 8.8fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm)2023

CVE-2023-3728 [HIGH] CVE-2023-3728: chromium - Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remot... Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1) bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1) forky: resolved (fixed in 115.0.5790.98-1) sid: resolved (

debian

CVE-2023-5997HIGHCVSS 8.8fixed in chromium 119.0.6045.159-1~deb12u1 (bookworm)2023

CVE-2023-5997 [HIGH] CVE-2023-5997: chromium - Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 al... Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 119.0.6045.159-1~deb12u1) bullseye: resolved (fixed in 119.0.6045.159-1~deb11u1) forky: resolved (fixed in 119.0.6045.159-1)

debian

CVE-2023-1227HIGHCVSS 8.8fixed in chromium 111.0.5563.64-1 (bookworm)2023

CVE-2023-1227 [HIGH] CVE-2023-1227: chromium - Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed... Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 111.0.5563.64-1) bullseye: resolved (fixed in 111.0.5563.64-1~deb1

debian

CVE-2023-5346HIGHCVSS 8.8fixed in chromium 117.0.5938.149-1~deb12u1 (bookworm)2023

CVE-2023-5346 [HIGH] CVE-2023-5346: chromium - Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote a... Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 117.0.5938.149-1~deb12u1) bullseye: resolved (fixed in 117.0.5938.149-1~deb11u1) forky: resolved (fixed in 117.0.5938.149-1) sid: resolved (

debian

CVE-2023-5218HIGHCVSS 8.8fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm)2023

CVE-2023-5218 [HIGH] CVE-2023-5218: chromium - Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed... Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) Scope: local bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1) bullseye: resolved (fixed in 118.0.5993.70-1~deb11u1) forky: resolved (fixed in 118.0.5993.70-1) sid

debian

CVE-2023-6704HIGHCVSS 8.8fixed in chromium 120.0.6099.109-1~deb12u1 (bookworm)2023

CVE-2023-6704 [HIGH] CVE-2023-6704: chromium - Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a rem... Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 120.0.6099.109-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.109-1~deb11u1) forky: resolved (fixed in 120.0.6099.109-1) sid: reso

debian

CVE-2023-6347HIGHCVSS 8.8fixed in chromium 119.0.6045.199-1~deb12u1 (bookworm)2023

CVE-2023-6347 [HIGH] CVE-2023-6347: chromium - Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote... Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 119.0.6045.199-1~deb12u1) bullseye: resolved (fixed in 119.0.6045.199-1~deb11u1) forky: resolved (fixed in 119.0.6045.199-1) sid: resolved

debian

CVE-2023-2930HIGHCVSS 8.8fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm)2023

CVE-2023-2930 [HIGH] CVE-2023-2930: chromium - Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an ... Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1) bullseye: resolved (fixed in 114.0.5735.90-2~deb11u1) forky:

debian

CVE-2023-3217HIGHCVSS 8.8fixed in chromium 114.0.5735.133-1~deb12u1 (bookworm)2023

CVE-2023-3217 [HIGH] CVE-2023-3217: chromium - Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remot... Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 114.0.5735.133-1~deb12u1) bullseye: resolved (fixed in 114.0.5735.133-1~deb11u1) forky: resolved (fixed in 114.0.5735.133-1) sid: resolve

debian

CVE-2023-6509HIGHCVSS 8.8fixed in chromium 120.0.6099.71-1~deb12u1 (bookworm)2023

CVE-2023-6509 [HIGH] CVE-2023-6509: chromium - Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allo... Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 120.0.6099.71-1~deb12u1) bullseye: resolved (fixed in 120.0.6099

debian

CVE-2023-2934HIGHCVSS 8.8fixed in chromium 114.0.5735.90-2~deb12u1 (bookworm)2023

CVE-2023-2934 [HIGH] CVE-2023-2934: chromium - Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allo... Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 114.0.5735.90-2~deb12u1) bullseye: resolved (fixed in 114.0.5735.90-2~deb11u1) forky: resolved (fixed in 114.0.5735.90-1) sid:

debian

CVE-2023-6346HIGHCVSS 8.8fixed in chromium 119.0.6045.199-1~deb12u1 (bookworm)2023

CVE-2023-6346 [HIGH] CVE-2023-6346: chromium - Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a re... Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 119.0.6045.199-1~deb12u1) bullseye: resolved (fixed in 119.0.6045.199-1~deb11u1) forky: resolved (fixed in 119.0.6045.199-1) sid: reso

debian

CVE-2023-5482HIGHCVSS 8.8fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm)2023

CVE-2023-5482 [HIGH] CVE-2023-5482: chromium - Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 all... Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1) bullseye: resolved (fixed in 119.0.6045.105-1~deb11u1) forky: resolved (fixed in 119.0.6045.105-1)

debian

CVE-2023-4762HIGHCVSS 8.8KEVfixed in chromium 116.0.5845.180-1~deb12u1 (bookworm)2023

CVE-2023-4762 [HIGH] CVE-2023-4762: chromium - Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote a... Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 116.0.5845.180-1~deb12u1) bullseye: resolved (fixed in 116.0.5845.180-1~deb11u1) forky: resolved (fixed in 116.0.5845.180-1) sid: resolved (fixed in 116.

debian

CVE-2023-4352HIGHCVSS 8.8fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm)2023

CVE-2023-4352 [HIGH] CVE-2023-4352: chromium - Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote at... Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1) bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1) forky: resolved (fixed in 116.0.5845.96-1) sid: resolved (fixe

debian

CVE-2023-6707HIGHCVSS 8.8fixed in chromium 120.0.6099.109-1~deb12u1 (bookworm)2023

CVE-2023-6707 [HIGH] CVE-2023-6707: chromium - Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote ... Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 120.0.6099.109-1~deb12u1) bullseye: resolved (fixed in 120.0.6099.109-1~deb11u1) forky: resolved (fixed in 120.0.6099.109-1) sid: resolve

debian

CVE-2023-1531HIGHCVSS 8.8fixed in chromium 111.0.5563.110-1 (bookworm)2023

CVE-2023-1531 [HIGH] CVE-2023-1531: chromium - Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remot... Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 111.0.5563.110-1) bullseye: resolved (fixed in 111.0.5563.110-1~deb11u1) forky: resolved (fixed in 111.0.5563.110-1) sid: resolved (fixed

debian

CVE-2023-1815HIGHCVSS 8.8fixed in chromium 112.0.5615.49-1 (bookworm)2023

CVE-2023-1815 [HIGH] CVE-2023-1815: chromium - Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowe... Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Scope: local bookworm: resolved (fixed in 112.0.5615.49-1) bullseye: resolved (fixed in 112.0.5615.49-2~deb11u

debian

CVE-2023-1530HIGHCVSS 8.8fixed in chromium 111.0.5563.110-1 (bookworm)2023

CVE-2023-1530 [HIGH] CVE-2023-1530: chromium - Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote ... Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 111.0.5563.110-1) bullseye: resolved (fixed in 111.0.5563.110-1~deb11u1) forky: resolved (fixed in 111.0.5563.110-1) sid: resolved (fixed i

debian

CVE-2023-6348HIGHCVSS 8.8fixed in chromium 119.0.6045.199-1~deb12u1 (bookworm)2023

CVE-2023-6348 [HIGH] CVE-2023-6348: chromium - Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a ... Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Scope: local bookworm: resolved (fixed in 119.0.6045.199-1~deb12u1) bullseye: resolved (fixed in 119.0.6045.199-1~deb11u1) forky: res

debian

← Previous37 / 109Next →