Debian Chromium vulnerabilities

2,176 known vulnerabilities affecting debian/chromium.

Total CVEs: 2,176
CISA KEV: 65 (actively exploited)
Public exploits: 14
Exploited in wild: 56
Severity breakdown: CRITICAL 102, HIGH 1256, MEDIUM 754, LOW 56, UNKNOWN 8

Vulnerabilities

Page 38 of 109
CVE-2023-5996 | HIGH | CVSS 8.8 | fixed in chromium 119.0.6045.123-1~deb12u1 (bookworm) | 2023
Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 119.0.6045.123-1~deb12u1); bullseye: resolved (fixed in 119.0.6045.123-1~deb11u1); forky: resolved (fixed in 119.0.6045.123-1); sid: reso

CVE-2023-6706 | HIGH | CVSS 8.8 | fixed in chromium 120.0.6099.109-1~deb12u1 (bookworm) | 2023
Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 120.0.6099.109-1~deb12u1); bullseye: resolved (fixed in 120.0.6099.109-1~deb11u1

CVE-2023-4428 | HIGH | CVSS 8.1 | fixed in chromium 116.0.5845.110-1~deb12u1 (bookworm) | 2023
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 116.0.5845.110-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.110-1~deb11u1); forky: resolved (fixed in 116.0.5845.110-1)

CVE-2023-4358 | HIGH | CVSS 8.8 | fixed in chromium 116.0.5845.96-1~deb12u1 (bookworm) | 2023
Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 116.0.5845.96-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.96-1~deb11u1); forky: resolved (fixed in 116.0.5845.96-1); sid: resolved (f

CVE-2023-0696 | HIGH | CVSS 8.8 | fixed in chromium 110.0.5481.77-1 (bookworm) | 2023
Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 110.0.5481.77-1); bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1); forky: resolved (fixed in 110.0.5481.77-1); sid: resolved (fixed in 110

CVE-2023-1215 | HIGH | CVSS 8.8 | fixed in chromium 111.0.5563.64-1 (bookworm) | 2023
Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 111.0.5563.64-1); bullseye: resolved (fixed in 111.0.5563.64-1~deb11u1); forky: resolved (fixed in 111.0.5563.64-1); sid: resolved (fixed in 11

CVE-2023-0471 | HIGH | CVSS 8.8 | fixed in chromium 109.0.5414.119-1 (bookworm) | 2023
Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 109.0.5414.119-1); bullseye: resolved (fixed in 109.0.5414.119-1~deb11u1); forky: resolved (fixed in 109.0.5414.119-1); sid: resolved

CVE-2023-1528 | HIGH | CVSS 8.8 | fixed in chromium 111.0.5563.110-1 (bookworm) | 2023
Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 111.0.5563.110-1); bullseye: resolved (fixed in 111.0.5563.110-1~deb11u1); forky: resolved (fi

CVE-2023-5856 | HIGH | CVSS 8.8 | fixed in chromium 119.0.6045.105-1~deb12u1 (bookworm) | 2023
Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 119.0.6045.105-1~deb12u1); bullseye: resolved (fixed in 119.0.6045.105-1~deb

CVE-2023-6510 | HIGH | CVSS 8.8 | fixed in chromium 120.0.6099.71-1~deb12u1 (bookworm) | 2023
Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 120.0.6099.71-1~deb12u1); bullseye: resolved (fixed in 120.0.6099.7

CVE-2023-4076 | HIGH | CVSS 8.8 | fixed in chromium 115.0.5790.170-1~deb12u1 (bookworm) | 2023
Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 115.0.5790.170-1~deb12u1); bullseye: resolved (fixed in 115.0.5790.170-1~deb11u1); forky: resolved (fixed in 115.0.5790.170-1); sid: r

CVE-2023-3422 | HIGH | CVSS 8.8 | fixed in chromium 114.0.5735.198-1~deb12u1 (bookworm) | 2023
Use after free in Guest View in Google Chrome prior to 114.0.5735.198 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 114.0.5735.198-1~deb12u1); bullseye: resolved (fixed in 114.0.5735.198-1~deb11u1); for

CVE-2023-3214 | HIGH | CVSS 8.8 | fixed in chromium 114.0.5735.133-1~deb12u1 (bookworm) | 2023
Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local. bookworm: resolved (fixed in 114.0.5735.133-1~deb12u1); bullseye: resolved (fixed in 114.0.5735.133-1~deb11u1); forky: resolved (fixed in 114.0.5735.133

CVE-2023-5474 | HIGH | CVSS 8.8 | fixed in chromium 118.0.5993.70-1~deb12u1 (bookworm) | 2023
Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 118.0.5993.70-1~deb12u1); bullseye: resolved (fixed in 118.0.5993.70-1~de

CVE-2023-4431 | HIGH | CVSS 8.1 | fixed in chromium 116.0.5845.110-1~deb12u1 (bookworm) | 2023
Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 116.0.5845.110-1~deb12u1); bullseye: resolved (fixed in 116.0.5845.110-1~deb11u1); forky: resolved (fixed in 116.0.5845.110

CVE-2023-4069 | HIGH | CVSS 8.8 | fixed in chromium 115.0.5790.170-1~deb12u1 (bookworm) | 2023
Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 115.0.5790.170-1~deb12u1); bullseye: resolved (fixed in 115.0.5790.170-1~deb11u1); forky: resolved (fixed in 115.0.5790.170-1); sid: resolved (

CVE-2023-0135 | HIGH | CVSS 8.8 | fixed in chromium 109.0.5414.74-1 (bookworm) | 2023
Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 109.0.5414.74-1); bullseye: resolved (fixed in 109.0.5414.74-2~deb

CVE-2023-2721 | HIGH | CVSS 8.8 | fixed in chromium 113.0.5672.126-1 (bookworm) | 2023
Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
Scope: local. bookworm: resolved (fixed in 113.0.5672.126-1); bullseye: resolved (fixed in 113.0.5672.126-1~deb11u1); forky: resolved (fixed in 113.0.5672.126-1); sid: resolv

CVE-2023-3727 | HIGH | CVSS 8.8 | fixed in chromium 115.0.5790.98-1~deb12u1 (bookworm) | 2023
Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Scope: local. bookworm: resolved (fixed in 115.0.5790.98-1~deb12u1); bullseye: resolved (fixed in 115.0.5790.98-1~deb11u1); forky: resolved (fixed in 115.0.5790.98-1); sid: resolved (

CVE-2023-0702 | HIGH | CVSS 8.8 | fixed in chromium 110.0.5481.77-1 (bookworm) | 2023
Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Scope: local. bookworm: resolved (fixed in 110.0.5481.77-1); bullseye: resolved (fixed in 110.0.5481.77-1~deb11u1